Example #1
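 /**
  * Exception handler: logs the exception, hides the installation path from
  * the message shown to non-root users and optionally renders a stack trace.
  *
  * The trace is rendered only when the exception class declares a static
  * property $exc_trace set to true. Trace arguments are reduced to their
  * types (gettype), so argument values (passwords, tokens, ...) never reach
  * the log or the screen. The full message (including file paths in the
  * trace variant) is shown only to an authenticated root user; everybody
  * else gets a generic text.
  *
  * @access public
  * @param  Exception  $exception
  * @return void
  **/
 public static function exceptionHandler($exception)
 {
     $exc_class = get_class($exception);
     // the logger is optional: a failure to create it must not turn the
     // handler itself into a fatal error (the original assumed $logger was set)
     $logger = NULL;
     try {
         $logger = CAT_Helper_KLogger::instance(CAT_PATH . '/temp/logs', 2);
         $logger->logFatal(sprintf('Exception with message [%s] emitted in [%s] line [%s]', $exception->getMessage(), $exception->getFile(), $exception->getLine()));
     } catch (Exception $e) {
         $logger = NULL;
     }
     if (isset($exc_class::$exc_trace) && $exc_class::$exc_trace === true) {
         $traceline = "#%s %s(%s): %s(%s)";
         $msg = "Uncaught exception '%s' with message '%s'<br />" . "<div style=\"font-size:smaller;width:80%%;margin:5px auto;text-align:left;\">" . "in %s:%s<br />Stack trace:<br />%s<br />" . "thrown in %s on line %s</div>";
         $trace = $exception->getTrace();
         // build tracelines; only argument types are printed, never values
         $result = array();
         foreach ($trace as $key => $stackPoint) {
             $args = isset($stackPoint['args']) && is_array($stackPoint['args']) ? array_map('gettype', $stackPoint['args']) : array();
             $result[] = sprintf($traceline, $key, isset($stackPoint['file']) ? $stackPoint['file'] : '-', isset($stackPoint['line']) ? $stackPoint['line'] : '-', isset($stackPoint['function']) ? $stackPoint['function'] : '-', implode(', ', $args));
         }
         // trace always ends with {main}; count() also works for an empty trace
         $result[] = '#' . count($trace) . ' {main}';
         // write tracelines into main template
         $msg = sprintf($msg, get_class($exception), $exception->getMessage(), $exception->getFile(), $exception->getLine(), implode("<br />", $result), $exception->getFile(), $exception->getLine());
     } else {
         // filter message: replace the installation path in both slash styles
         $message = $exception->getMessage();
         $path = CAT_Helper_Directory::sanitizePath(CAT_PATH);
         $message = str_replace(array($path, str_replace('/', '\\', $path)), array('[path to]', '[path to]'), $message);
         $msg = "[{$exc_class}] {$message}";
     }
     // log (if we have a logger)
     if ($logger) {
         $logger->logFatal($msg);
     }
     // show detailed error information to admin only
     // NOTE(review): $msg contains the raw exception message; printFatalError()
     // is expected to escape it for HTML -- confirm.
     if (CAT_Users::is_authenticated() && CAT_Users::is_root()) {
         CAT_Object::printFatalError($msg);
     } else {
         CAT_Object::printFatalError("An internal error occured. We're sorry for inconvenience.");
     }
 }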
Example #2
/**
 * Dwoo template plugin {display_name}: the display name of the current user
 * as reported by CAT_Users.
 *
 * @param  Dwoo  $dwoo  template engine instance (unused)
 * @return mixed  result of CAT_Users::get_display_name()
 */
function Dwoo_Plugin_display_name(Dwoo $dwoo)
{
    $display_name = CAT_Users::get_display_name();
    return $display_name;
}
Example #3
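if (!$page_id) {
    header("Location: index.php");
    exit(0);
}
// =============
// ! Get perms
// =============
if (CAT_Helper_Page::getPagePermission($page_id, 'admin') !== true) {
    $backend->print_error('You do not have permissions to modify this page!');
    // fail closed: never reach the save code below, even if print_error()
    // should return instead of terminating the request
    exit;
}
// =================
// ! Get new content
// =================
$content = $val->sanitizePost('content' . $section_id);
// for non-admins only
if (!CAT_Users::getInstance()->ami_group_member(1)) {
    // if HTMLPurifier is enabled...
    $r = $backend->db()->get_one('SELECT * FROM `' . CAT_TABLE_PREFIX . 'mod_wysiwyg_admin_v2` WHERE set_name="enable_htmlpurifier" AND set_value="1"');
    if ($r) {
        // use HTMLPurifier to clean up the output
        $content = CAT_Helper_Protect::getInstance()->purify($content, array('Core.CollectErrors' => true));
    }
    // NOTE(review): with HTMLPurifier disabled, non-admin content is kept as
    // submitted; note also that only the admin branch applies add_slashes().
} else {
    // members of group 1 (administrators) may store raw HTML
    $content = $val->add_slashes($content);
}
/**
 *	plain-text copy of the content (tags stripped, umlauts as entities);
 *	searching in $text will be much easier this way
 */
$text = umlauts_to_entities(strip_tags($content), strtoupper(DEFAULT_CHARSET), 0);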
/**
 *  save
Example #4
    // =============================
    // NOTE(review): $page_id, $update_section_id and $block are concatenated into
    // the SQL below without quotes or bound parameters; they must already be
    // integers at this point (cast/validate upstream), otherwise bind them.
    $query_sections = $backend->db()->query('SELECT `module` FROM `' . CAT_TABLE_PREFIX . 'sections` WHERE `page_id`= ' . $page_id . ' AND `section_id` = ' . $update_section_id);
    if ($query_sections->numRows() == 1) {
        if ($section = $query_sections->fetchRow(MYSQL_ASSOC)) {
            if (!is_numeric(array_search($section['module'], $module_permissions))) {
                $sql = $block != '' ? '`block` = ' . $backend->add_slashes($block) . ', ' : '';
                $sql .= $name != '' ? '`name` = "' . mysql_real_escape_string($name) . '", ' : '';
                $date_from = $day_from * $month_from * $year_from > 0 ? mktime($hour_from, $minute_from, 0, $month_from, $day_from, $year_from) : 0;
                $date_to = $day_to * $month_to * $year_to > 0 ? mktime($hour_to, $minute_to, 0, $month_to, $day_to, $year_to) : 0;
                if ($date_from > $date_to) {
                    $backend->print_error($backend->lang->translate('Please check your entries for dates'), CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
                }
                $sql .= '`publ_start` = ' . $date_from . ', ';
                $sql .= '`publ_end` = ' . $date_to . ', ';
                $sql .= '`modified_when` = "' . time() . '", ';
                $sql .= '`modified_by` = ' . CAT_Users::get_user_id();
                $backend->db()->query('UPDATE ' . CAT_TABLE_PREFIX . 'sections SET ' . $sql . ' WHERE `page_id`= ' . $page_id . ' AND section_id = ' . $update_section_id . ' LIMIT 1');
            }
        } else {
            $backend->print_error('You do not have permissions to modify this page', CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
        }
    } else {
        $backend->print_error('Section not found', CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
    }
}
// ============================================
// ! Check for error or print success message
// ============================================
if ($backend->db()->isError()) {
    $backend->print_error($backend->db()->getError(), CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
} else {
Example #5
    } else {
        if (!$user->validatePassword($new_password_1)) {
            $err_msg[] = $user->getPasswordError();
        }
    }
}
#$current_password		= md5($current_password);
$new_password_1 = md5($new_password_1);
$new_password_2 = md5($new_password_2);
// =======================================================================================
// ! if no validation errors, try to update the database, otherwise return errormessages
// NOTE(review): passwords are handled as unsalted md5 (here and in the WHERE clause of
// the UPDATE below); display_name, email and language are interpolated into the
// statement via sprintf('%s') and must be escaped before they reach this point.
// =======================================================================================
if (!count($err_msg)) {
    $user_id = $user->get_user_id();
    // check pw
    if (!CAT_Users::checkUserLogin($user->get_username(), $current_password)) {
        print json_encode(array('success' => false, 'message' => $backend->lang()->translate('The (current) password you entered is incorrect')));
        exit;
    }
    // --- save basics ---
    $sql = sprintf('UPDATE `%susers` SET `display_name` = "%s", ' . '`password` = "%s", ' . '`email` = "%s", ' . '`language` = "%s" ' . 'WHERE `user_id` = %d ' . 'AND `password` = "%s"', CAT_TABLE_PREFIX, $display_name, $new_password_1, $email, $language, $user_id, md5($current_password));
    if (($stmt = $backend->db()->query($sql)) !== false) {
        // update successful
        // --- save additional settings ---
        $backend->db()->query('DELETE FROM `' . CAT_TABLE_PREFIX . 'users_options` WHERE `user_id` = ' . $user_id);
        foreach ($extended as $opt => $check) {
            $value = $val->sanitizePost($opt);
            //echo "OPT -$opt- VAL -$value- CHECK -$check- VALID -" . call_user_func($check,$value) . "-\n<br />";
            if ($check && !call_user_func($check, $value)) {
                continue;
            }
Example #6
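/**
 * Toggle the "active" flag of a Droplet.
 *
 * Requires the 'modify_droplets' permission for one of the current user's
 * groups; without it nothing is changed in the database.
 *
 * @param  mixed  $id  Droplet id (bound as a query parameter)
 * @return mixed  result of list_droplets(); false when the permission
 *                check failed
 **/
function toggle_active($id)
{
    global $parser, $val, $backend;
    $groups = CAT_Users::get_groups_id();
    if (!CAT_Helper_Droplet::is_allowed('modify_droplets', $groups)) {
        $backend->print_error($backend->lang()->translate("You don't have the permission to do this"));
        // fail closed: do not touch the database even if print_error() returns
        return false;
    }
    $data = CAT_Helper_Droplet::getDroplet($id);
    if (!is_array($data) || !isset($data['active'])) {
        // unknown droplet: nothing to toggle
        return list_droplets();
    }
    $new = $data['active'] == 1 ? 0 : 1;
    $backend->db()->query('UPDATE `:prefix:mod_droplets` SET active=:active WHERE id=:id', array('active' => $new, 'id' => $id));
    return list_droplets();
}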
Example #7
/**
 * Validation callback for the auth_max_login_length setting: the new
 * maximum must not be shorter than any existing username. If longer names
 * exist, an error is pushed onto $err_msg and the previous value is kept.
 *
 * @param  mixed  $value     requested maximum (cast to int via %d)
 * @param  mixed  $oldvalue  currently stored maximum
 * @return mixed  $value if acceptable, otherwise $oldvalue
 **/
function check_auth_max_login_length($value, $oldvalue)
{
    global $database, $err_msg;
    $sql = sprintf('select count(*) as cnt from `%susers` where char_length(username)>%d', CAT_TABLE_PREFIX, $value);
    $res = $database->query($sql);
    if (!$res->numRows()) {
        return $value;
    }
    $row = $res->fetchRow(MYSQL_ASSOC);
    if (!($row['cnt'] > 0)) {
        return $value;
    }
    $err_msg[] = CAT_Users::getInstance()->lang()->translate('The max. Login name length could not be saved. There is/are {{ count }} user/s that have longer names.', array('count' => $row['cnt']));
    return $oldvalue;
}
Example #8
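 /**
  * Install one or more Droplets from a ZIP file (the archive may contain
  * several Droplet files).
  *
  * Every *.php file in the archive except index.php is read as a Droplet
  * named after the file: the first "//:" line is the description, the
  * second "//:" line the usage text, further "//" lines are appended to
  * the usage text, and the remaining lines (PHP open/close tags removed)
  * are stored as the Droplet code. An existing Droplet of the same name is
  * replaced. A "data" directory in the archive is copied into this
  * module's data directory.
  *
  * Trust boundary: the archive content becomes executable Droplet code and
  * files below data/, so $temp_file must only come from a user allowed to
  * install Droplets. Traversal-safe extraction (entry names containing
  * "../") is the responsibility of CAT_Helper_Zip.
  *
  * @access public
  * @param  string  $temp_file - name of the ZIP file
  * @return array   see droplets_import() method
  *
  **/
 public static function installDroplet($temp_file)
 {
     $self = self::getInstance();
     $temp_unzip = CAT_PATH . '/temp/droplets_unzip/';
     CAT_Helper_Directory::createDirectory($temp_unzip);
     $errors = array();
     $imports = array();
     $count = 0;
     // extract file
     CAT_Helper_Zip::getInstance($temp_file)->config('Path', $temp_unzip)->extract();
     // get .php files
     $files = CAT_Helper_Directory::getPHPFiles($temp_unzip, $temp_unzip . '/');
     // now, open all *.php files and search for the header;
     // an exported droplet starts with "//:"
     foreach ($files as $file) {
         if (pathinfo($file, PATHINFO_FILENAME) === 'index' || pathinfo($file, PATHINFO_EXTENSION) != 'php') {
             continue;
         }
         $description = NULL;
         $usage = NULL;
         // Name of the Droplet = Filename
         $name = pathinfo($file, PATHINFO_FILENAME);
         // Slurp file contents; an unreadable file has no header and is
         // reported as invalid below
         $lines = file($temp_unzip . '/' . $file);
         if (!is_array($lines)) {
             $lines = array();
         }
         // First line: Description
         if (count($lines) && preg_match('#^//\\:(.*)$#', $lines[0], $match)) {
             $description = addslashes($match[1]);
             array_shift($lines);
         }
         // Second line: Usage instructions
         if (count($lines) && preg_match('#^//\\:(.*)$#', $lines[0], $match)) {
             $usage = addslashes($match[1]);
             array_shift($lines);
         }
         // there may be more comment lines; they will be added to the usage instructions
         while (count($lines) && preg_match('#^//(.*)$#', $lines[0], $match)) {
             $usage .= addslashes(trim($match[1]));
             array_shift($lines);
         }
         // NOTE(review): description/usage are addslashes()'d although they are
         // bound as query parameters below, so the stored text carries the extra
         // backslashes; kept as-is because readers may depend on it.
         if (!$description && !$usage) {
             // invalid file
             $errors[$file] = CAT_Helper_Directory::getInstance()->lang()->translate('No valid Droplet file (missing description and/or usage instructions)');
             continue;
         }
         // Remaining: Droplet code, stored without PHP open/close tags
         $code = str_replace(array('<?php', '?>', '<?'), '', implode('', $lines));
         // Already in the DB? Select the id column explicitly instead of
         // relying on the column order of SELECT *
         $stmt = 'INSERT';
         $id = NULL;
         $found = $self->db()->query("SELECT `id` FROM `:prefix:mod_droplets` WHERE name=:name", array('name' => $name));
         if ($found->rowCount()) {
             $stmt = 'REPLACE';
             $id = (int) $found->fetchColumn();
         }
         // execute; the id is bound instead of being concatenated into the statement
         $q = "{$stmt} INTO `:prefix:mod_droplets` SET " . ($id ? 'id=:id, ' : '') . '`name`=:name, `code`=:code, `description`=:desc, ' . '`modified_when`=:when, `modified_by`=:userid, ' . '`active`=:active, `comments`=:usage';
         $params = array('name' => $name, 'code' => $code, 'desc' => $description, 'when' => time(), 'userid' => CAT_Users::get_user_id(), 'active' => 1, 'usage' => $usage);
         if ($id) {
             $params['id'] = $id;
         }
         $result = $self->db()->query($q, $params);
         if (!$self->db()->isError()) {
             $count++;
             $imports[$name] = 1;
         } else {
             $errors[$name] = $self->db()->getError();
         }
     }
     // check for data directory (once; the original copied it once per file)
     if (count($files) && file_exists($temp_unzip . '/data')) {
         // copy all files
         CAT_Helper_Directory::copyRecursive($temp_unzip . '/data', dirname(__FILE__) . '/data/');
     }
     // cleanup; ignore errors here
     CAT_Helper_Directory::removeDirectory($temp_unzip);
     return array('count' => $count, 'errors' => $errors, 'imported' => $imports);
 }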
Example #9
 $tpl_data['blocks'][$bcnt]['current_block_name'] = $parser->get_template_block_name($current_template, $section['block']) . ' (' . $backend->lang()->translate('Block number') . ': ' . $section['block'] . ')';
 $tpl_data['blocks'][$bcnt]['section_id'] = $section['section_id'];
 $tpl_data['blocks'][$bcnt]['module'] = $section['module'];
 $tpl_data['blocks'][$bcnt]['name'] = $section['name'];
 $tpl_data['blocks'][$bcnt]['date_day_from'] = $section['publ_start'] > 0 ? date('d', $section['publ_start']) : '';
 $tpl_data['blocks'][$bcnt]['date_month_from'] = $section['publ_start'] > 0 ? date('m', $section['publ_start']) : '';
 $tpl_data['blocks'][$bcnt]['date_year_from'] = $section['publ_start'] > 0 ? date('Y', $section['publ_start']) : '';
 $tpl_data['blocks'][$bcnt]['date_hour_from'] = $section['publ_start'] > 0 ? date('H', $section['publ_start']) : '';
 $tpl_data['blocks'][$bcnt]['date_minute_from'] = $section['publ_start'] > 0 ? date('i', $section['publ_start']) : '';
 $tpl_data['blocks'][$bcnt]['date_day_to'] = $section['publ_start'] > 0 ? date('d', $section['publ_end']) : '';
 $tpl_data['blocks'][$bcnt]['date_month_to'] = $section['publ_start'] > 0 ? date('m', $section['publ_end']) : '';
 $tpl_data['blocks'][$bcnt]['date_year_to'] = $section['publ_start'] > 0 ? date('Y', $section['publ_end']) : '';
 $tpl_data['blocks'][$bcnt]['date_hour_to'] = $section['publ_start'] > 0 ? date('H', $section['publ_end']) : '';
 $tpl_data['blocks'][$bcnt]['date_minute_to'] = $section['publ_start'] > 0 ? date('i', $section['publ_end']) : '';
 $tpl_data['blocks'][$bcnt]['modified_when'] = $section['modified_when'] ? CAT_Helper_DateTime::getDateTime($section['modified_when']) : '';
 $tpl_data['blocks'][$bcnt]['modified_by'] = $section['modified_by'] ? (CAT_Users::get_user_details($section['modified_by'], 'display_name') ? CAT_Users::get_user_details($section['modified_by'], 'display_name') : '') . ' (' . CAT_Users::get_user_details($section['modified_by'], 'username') . ')' : '';
 // load language file (if any); NOTE(review): $module becomes part of an
 // include path below -- confirm it is a plain module directory name and
 // never derived from request input
 $langfile = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/languages/' . LANGUAGE . '.php');
 if (file_exists($langfile)) {
     if (!$backend->lang()->checkFile($langfile, 'LANG', true)) {
         // old fashioned language file
         include $langfile;
     } else {
         // modern language file
         $backend->lang()->addFile(LANGUAGE . '.php', CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/languages'));
     }
 }
 // ======================================================
 // ! Include the module and add it to the output buffer
 // ======================================================
 ob_start();
Example #10
 /**
  * Return the last database error. The real message is handed out only to
  * an authenticated root user; everybody else gets a generic text so that
  * SQL fragments and schema details do not leak.
  *
  * @access public
  * @return string
  **/
 public function getError()
 {
     $is_root = CAT_Users::is_authenticated() && CAT_Users::is_root();
     if (!$is_root) {
         return "An internal error occured. We're sorry for inconvenience.";
     }
     return $this->lasterror;
 }
Example #11
 /**
  * Check whether a page is visible or not
  * This will check page-visibility, user- and group permissions. Unknown
  * visibility values are treated as not visible.
  *
  * @access public
  * @param  integer  $page_id
  * @return boolean
  **/
 public static function isVisible($page_id)
 {
     $page = self::properties($page_id);
     switch ($page['visibility']) {
         case 'public':
             // always visible
             return true;
         case 'hidden':
             // shown if called directly, but not in menu
             return self::selectPage() == $page_id;
         case 'private':
         case 'registered':
             // only for logged-in users ...
             if (CAT_Users::is_authenticated() != true) {
                 return false;
             }
             // ... whose language matches (unless PAGE_LANGUAGES is disabled) ...
             $lang_ok = CAT_Registry::get('PAGE_LANGUAGES') == 'false' || self::properties($page_id, 'language') == '' || self::properties($page_id, 'language') == LANGUAGE;
             if (!$lang_ok) {
                 return false;
             }
             // ... and who are root or listed in the viewing groups/users
             return CAT_Users::is_group_match(CAT_Users::get_groups_id(), $page['viewing_groups']) || CAT_Users::is_group_match(CAT_Users::get_user_id(), $page['viewing_users']) || CAT_Users::is_root();
         case 'none':
         case 'deleted':
         default:
             // never shown in FE
             return false;
     }
 }
Example #12
/**
 * Dwoo template plugin {user_logged_in}: whether the current visitor has an
 * authenticated session.
 *
 * @param  Dwoo  $dwoo  template engine instance (unused)
 * @return mixed  result of CAT_Users::is_authenticated()
 */
function Dwoo_Plugin_user_logged_in(Dwoo $dwoo)
{
    $logged_in = CAT_Users::is_authenticated();
    return $logged_in;
}
Example #13
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
header('Content-type: application/json');
// AJAX handler of the blackcatFilter admin tool (the trailing false
// arguments presumably suppress header/footer output -- confirm)
$backend = CAT_Backend::getInstance('admintools', 'blackcatFilter', false, false);
$val = CAT_Helper_Validate::getInstance();
$error = NULL;
// permission gate: answer with a JSON error and stop before any request
// parameter is read or any query is run
if (!CAT_Users::getInstance()->checkPermission('admintools', 'blackcatFilter')) {
    $ajax = array('message' => $backend->lang()->translate('You do not have permissions to modify this page'), 'success' => false);
    print json_encode($ajax);
    exit;
}
// filter name and action are read from $_REQUEST (GET or POST)
$filter = $val->get('_REQUEST', 'filter');
$action = $val->get('_REQUEST', 'action');
// filter to activate/deactivate?
// NOTE(review): $filter comes from $_REQUEST and is placed into the two SQL
// statements below via sprintf('%s') with no escaping visible in this file;
// unless $val->get() escapes it, bind it as a parameter (:name) like the
// other queries in this codebase do.
if ($action != 'delete') {
    $value = $action == 'activate' ? 'Y' : 'N';
    $backend->db()->query(sprintf("UPDATE `%smod_filter` SET filter_active='%s' WHERE filter_name='%s'", CAT_TABLE_PREFIX, $value, $filter));
    if ($backend->db()->isError()) {
        $error = $backend->db()->getError();
    }
} else {
    $res = $backend->db()->query(sprintf("SELECT * FROM `%smod_filter` WHERE filter_name='%s'", CAT_TABLE_PREFIX, $filter));
Example #14
 /**
  * Stamp the current page (and, if set, the current section) with the
  * modification time and the id of the acting user -- but only when the
  * global flag $update_when_modified was set by the calling code.
  *
  * @access public
  * @return void
  **/
 public static function updateWhenModified()
 {
     global $update_when_modified, $page_id, $section_id;
     // nothing to do unless a change was flagged
     if (empty($update_when_modified)) {
         return;
     }
     $db = self::getInstance()->db();
     $stamp = array('mod' => time(), 'by' => CAT_Users::get_user_id());
     $db->query("UPDATE `:prefix:pages` SET modified_when=:mod, modified_by=:by WHERE page_id=:id", $stamp + array('id' => $page_id));
     if ($section_id) {
         $db->query("UPDATE `:prefix:sections` SET modified_when=:mod, modified_by=:by WHERE section_id=:id", $stamp + array('id' => $section_id));
     }
 }
Example #15
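 /**
  * Record a login error and increase the per-session failed-attempt
  * counter that the login script compares against MAX_ATTEMPTS.
  *
  * The counter lives in $_SESSION only, so it limits a client that keeps
  * its session cookie; it is not a server-side per-account limit.
  *
  * @access private
  * @param  string   $msg - error message
  * @return void
  **/
 private static function setLoginError($msg)
 {
     self::$loginerror = $msg;
     self::$lasterror = $msg;
     self::$errorstack[] = $msg;
     // every call is one failed attempt: the first error counts as 1
     // (the original stored 0 on the first call and only started counting
     // with the second one)
     $attempts = isset($_SESSION['ATTEMPTS']) ? (int) CAT_Helper_Validate::getInstance()->fromSession('ATTEMPTS') : 0;
     $_SESSION['ATTEMPTS'] = $attempts + 1;
 }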
Example #16
 *   @package         CAT_Core
 *
 */
define('CAT_LOGIN_PHASE', 1);
// bootstrap: locate framework/class.secure.php relative to this file,
// walking up at most nine directory levels
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// AJAX login endpoint. Lock-out: the failed-attempt counter is kept in the
// PHP session, so it only limits a client that keeps its session cookie --
// NOTE(review): not a substitute for a server-side per-account/per-IP limit.
if (CAT_Helper_Validate::getInstance()->fromSession('ATTEMPTS') > MAX_ATTEMPTS) {
    // NOTE(review): 'success' is true although the login was refused; the
    // client is expected to follow 'url' to the warning page
    $redirect = CAT_URL . '/templates/' . DEFAULT_THEME . '/templates/warning.html';
    $ajax = array('url' => $redirect, 'success' => true, 'message' => NULL);
} else {
    #CAT_Helper_Protect::getInstance()->enableCSRFMagic();
    $redirect = CAT_Users::getInstance()->handleLogin();
    $error = CAT_Users::getInstance()->loginError();
    // 'success' mirrors the session state; 'message' is only set when the
    // login did not yield a redirect target or produced an error
    $ajax = array('url' => $redirect, 'success' => CAT_Users::getInstance()->is_authenticated(), 'message' => $redirect === false || $error ? $error : NULL);
}
header('Content-type: application/json');
print json_encode($ajax);
exit;
Example #17
 *
 */
// bootstrap: locate framework/class.secure.php relative to this file,
// walking up at most nine directory levels
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// frontend login form: names of the form fields handed to the template
$username_fieldname = 'username';
$password_fieldname = 'password';
// handleLogin(false) processes a submitted login; a truthy return value is
// used as redirect target, loginError() holds the reason for a failure
$redirect = CAT_Users::getInstance()->handleLogin(false);
$error = CAT_Users::getInstance()->loginError();
if ($redirect) {
    // NOTE(review): no exit after the Location header, so the form below is
    // still rendered into the body of the redirect response
    header('Location: ' . $redirect);
}
// optional return target, GET first, then POST; it is passed to the template
// unchanged -- NOTE(review): whatever turns it into a redirect must restrict
// it to local URLs (open-redirect risk otherwise)
$redirect_url = $val->sanitizeGet('redirect') != '' ? $val->sanitizeGet('redirect') : $val->sanitizePost('redirect');
global $parser;
// template lookup: theme variant of the active frontend template first ...
$parser->setPath(CAT_PATH . '/templates/' . DEFAULT_TEMPLATE . '/templates/' . CAT_Registry::get('DEFAULT_THEME_VARIANT'));
// ... if there's no template for this in the current frontend template,
// fall back to this module's default dir
$parser->setFallbackPath(dirname(__FILE__) . '/templates/default');
$parser->output('account_login_form', array('message' => $error, 'username_fieldname' => $username_fieldname, 'password_fieldname' => $password_fieldname, 'redirect_url' => $redirect_url ? $redirect_url : ''));
Example #18
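/**
 * Dwoo template plugin {show_menu}: wrapper around show_menu2().
 *
 * Option arguments may be given as strings naming SM2_* constants
 * ("SM2_ROOT", "SM2_TRIM|SM2_CRUMB", ...); the names are replaced by the
 * constant values and folded by among_constants(). With the pseudo flag
 * SM2_ARRAY the menu is not printed but returned as a flat array of
 * link_start / link_end / level_start / level_end entries carrying the
 * tag attributes; SM2_PRETTY is not supported.
 *
 * @param  Dwoo   $dwoo        template engine instance (unused)
 * @param  mixed  $aMenu       see show_menu2()
 * @param  mixed  $aStart      see show_menu2()
 * @param  mixed  $aMaxLevel   see show_menu2()
 * @param  mixed  $aOptions    see show_menu2(), plus 'SM2_ARRAY'
 * @param  mixed  $aItemOpen   see show_menu2()
 * @param  mixed  $aItemClose  see show_menu2()
 * @param  mixed  $aMenuOpen   see show_menu2()
 * @param  mixed  $aMenuClose  see show_menu2()
 * @param  mixed  $aTopItemOpen  see show_menu2()
 * @param  mixed  $aTopMenuOpen  see show_menu2()
 * @return mixed  false in maintenance mode (non-root), an error string for
 *                SM2_PRETTY, the menu array for SM2_ARRAY, otherwise nothing
 *                (the menu is printed by show_menu2())
 */
function Dwoo_Plugin_show_menu(Dwoo $dwoo, $aMenu = 0, $aStart = SM2_ROOT, $aMaxLevel = -1999, $aOptions = SM2_TRIM, $aItemOpen = false, $aItemClose = false, $aMenuOpen = false, $aMenuClose = false, $aTopItemOpen = false, $aTopMenuOpen = false)
{
    if (CAT_Helper_Page::isMaintenance() && !CAT_Users::is_root()) {
        return false;
    }
    if (strpos($aOptions, 'SM2_PRETTY') !== false) {
        return "<strong>Error:</strong> show_menu() does not support the SM2_PRETTY Flag!";
    }
    // Set variables to replace strings with constants
    $search_values = array('SM2_ROOT', 'SM2_CURR', 'SM2_ALLMENU', 'SM2_START', 'SM2_MAX', 'SM2_ALLINFO', 'SM2_ALL', 'SM2_TRIM', 'SM2_CRUMB', 'SM2_SIBLING', 'SM2_NUMCLASS', 'SM2_NOCACHE', 'SM2_PRETTY', 'SM2_ESCAPE', 'SM2_NOESCAPE', 'SM2_BUFFER', 'SM2_CURRTREE', 'SM2_SHOWHIDDEN', 'SM2_XHTML_STRICT', 'SM2_NO_TITLE', 'SM2_ARRAY');
    $replace_values = array(SM2_ROOT, SM2_CURR, SM2_ALLMENU, SM2_START, SM2_MAX, SM2_ALLINFO, SM2_ALL, SM2_TRIM, SM2_CRUMB, SM2_SIBLING, SM2_NUMCLASS, SM2_NOCACHE, SM2_PRETTY, SM2_ESCAPE, SM2_NOESCAPE, SM2_BUFFER, SM2_CURRTREE, SM2_SHOWHIDDEN, SM2_XHTML_STRICT, SM2_NO_TITLE, '');
    // Check if function shall return an array or the menu
    $direct_output = strpos($aOptions, 'SM2_ARRAY') === false ? true : false;
    // SM2_ARRAY implies SM2_BUFFER: the markup has to be captured, not printed
    $aOptions = !$direct_output && strpos($aOptions, 'SM2_BUFFER') === false ? str_replace('SM2_ARRAY', 'SM2_BUFFER', $aOptions) : $aOptions;
    // Replace all Strings with constants
    $aStart = str_replace($search_values, $replace_values, $aStart);
    $aMaxLevel = str_replace($search_values, $replace_values, $aMaxLevel);
    $aOptions = str_replace($search_values, $replace_values, $aOptions);
    // Among all constants get to bit values
    $Menu = among_constants($aMenu);
    $Start = among_constants($aStart);
    $MaxLevel = among_constants($aMaxLevel);
    $Options = among_constants($aOptions);
    if ($direct_output) {
        show_menu2($Menu, $Start, $MaxLevel, $Options, $aItemOpen, $aItemClose, $aMenuOpen, $aMenuClose, $aTopItemOpen, $aTopMenuOpen);
        return;
    }
    // SM2_ARRAY: split the buffered markup into single tags, '|' as separator
    $result = show_menu2($Menu, $Start, $MaxLevel, $Options);
    $search = array('</li><li', '</a><ul', '</li></ul>', '</ul></li>', '</a></li>');
    $replace = array('</li>|<li', '</a>|<ul', '</li>|</ul>', '</ul>|</li>', '</a>|</li>');
    $walk = explode('|', str_replace($search, $replace, $result));
    // attribute="value" pairs: group 1 = name, group 2 = value incl. the opening quote.
    // Matches are taken per set, so a '=' inside a value (href="x.php?a=1") no
    // longer truncates the value or produces a bogus key as the explode()-based
    // version did.
    $attr_pattern = '/([a-zA-Z]*[a-zA-Z])\\s{0,3}[=]\\s{0,3}("[^"\\r\\n]*)"/';
    $menu = array();
    $level = 0;
    foreach ($walk as $item) {
        // the original discarded the result of trim(); surrounding whitespace
        // would have made the closing-tag comparisons below fail
        $item = trim($item);
        if ($item == '</li>') {
            $menu[] = array('type' => 'link_end', 'level' => $level);
            continue;
        }
        if ($item == '</ul>') {
            $menu[] = array('type' => 'level_end', 'level' => $level);
            $level--;
            continue;
        }
        if (strpos($item, '<ul') !== false) {
            // the <ul ...> part opens a new level; the rest is the first <li>
            $ul = substr($item, 0, strpos($item, '<li'));
            $level++;
            $link = array('type' => 'level_start', 'level' => $level);
            preg_match_all($attr_pattern, $ul, $attr, PREG_SET_ORDER);
            foreach ($attr as $m) {
                // strip the opening quote captured with the value
                $value = trim(substr(trim($m[2]), 1));
                if (!empty($value)) {
                    $link[$m[1]] = $value;
                }
            }
            $menu[] = $link;
            $item = trim(substr($item, strpos($item, '<li')));
        }
        if (strpos($item, '<li') !== false) {
            $link = array('type' => 'link_start', 'level' => $level);
            preg_match_all($attr_pattern, $item, $attr, PREG_SET_ORDER);
            foreach ($attr as $m) {
                $link[$m[1]] = trim(substr(trim($m[2]), 1));
            }
            // entries are identified by the file name part of their href
            $link['pagename'] = isset($link['href']) ? pathinfo($link['href'], PATHINFO_FILENAME) : '';
            $menu[] = $link;
        }
    }
    return $menu;
}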
Example #19
         if ($val->sanitizePost('captcha') != $val->fromSession('captcha')) {
             $errors[] = $val->lang()->translate('The verification number (also known as Captcha) that you entered is incorrect. If you are having problems reading the Captcha, please email to: <a href="mailto:{{SERVER_EMAIL}}">{{SERVER_EMAIL}}</a>', array('SERVER_EMAIL' => SERVER_EMAIL));
         }
     }
 }
 /*
     NOTE(review): the captcha value is not invalidated after the check above
     (the unset() below is commented out), so the same value can be replayed
     for further submissions within one session. The check also uses '!=',
     for which an empty POST value equals a missing session value; prefer
     '!==' and require the session value to be set.
     if ( isset( $_SESSION['captcha'] ) )
     {
         unset( $_SESSION['captcha'] );
     }
 */
 if (!count($errors)) {
     // Generate a random password
     $new_pass = $users->generateRandomString(8);
     $md5_password = md5($new_pass);
     $result = $users->createUser($groups_id, $active, $username, $md5_password, $display_name, $email, CAT_Users::get_home_folder());
     if (!is_bool($result)) {
         $errors[] = $val->lang()->translate('Unable to create user account. Please contact the administrator.');
     } else {
         // Setup email to send
         $mail_to = $email;
         $mail_subject = $val->lang()->translate('Your login details...');
         $mail_message = $parser->get('account_signup_mail_body', array('LOGIN_DISPLAY_NAME' => $display_name, 'LOGIN_WEBSITE_TITLE' => WEBSITE_TITLE, 'LOGIN_NAME' => $username, 'LOGIN_PASSWORD' => $new_pass, 'SERVER_EMAIL' => SERVER_EMAIL));
         // Try sending the email
         if (!CAT_Helper_Mail::getInstance()->sendMail(SERVER_EMAIL, $mail_to, $mail_subject, $mail_message, CATMAILER_DEFAULT_SENDERNAME)) {
             $database->query("DELETE FROM `:prefix:users` WHERE username=:name", array('name' => $username));
             $errors[] = $val->lang()->translate('Unable to email password, please contact system administrator');
         } else {
             $message = $val->lang()->translate('Registration process completed!<br /><br />You should receive an eMail with your login data. If not, please contact {{SERVER_EMAIL}}.', array('SERVER_EMAIL' => SERVER_EMAIL));
             $form = false;
         }
Example #20
    // no frontend login, no forgot form
    if (INTRO_PAGE) {
        die(header('Location: ' . CAT_URL . PAGES_DIRECTORY . '/index.php'));
    } else {
        die(header('Location: ' . CAT_URL . '/index.php'));
    }
}
$val = CAT_Helper_Validate::getInstance();
// submitted address (POST only)
$email = $val->sanitizePost('email', NULL, true);
$display_form = true;
$msg_class = 'info';
global $parser;
// template lookup: theme variant of the active frontend template first ...
$parser->setPath(CAT_PATH . '/templates/' . DEFAULT_TEMPLATE . '/templates/' . CAT_Registry::get('DEFAULT_THEME_VARIANT'));
// ... if there's no template for this in the current frontend template,
// fall back to this module's default dir
$parser->setFallbackPath(dirname(__FILE__) . '/templates/default');
// mailer lib installed? Without one the details cannot be mailed, so only a
// notice is shown (with a mailto link if SERVER_EMAIL is a real address)
if (count(CAT_Helper_Addons::getLibraries('mail')) == 0) {
    $parser->output('account_forgot_form', array('message_class' => 'highlight', 'display_form' => false, 'message' => $val->lang()->translate('Sorry, but the system is unable to use mail to send your details. Please contact the administrator.'), 'contact' => CAT_Registry::exists('SERVER_EMAIL', false) && CAT_Registry::get('SERVER_EMAIL') != '*****@*****.**' && $val->validate_email(CAT_Registry::get('SERVER_EMAIL')) ? '<br />[ <a href="mailto:' . CAT_Registry::get('SERVER_EMAIL') . '">' . $val->lang()->translate('Send eMail') . '</a> ]' : ''));
    exit;
}
// Check if the user has already submitted the form, otherwise show it.
// handleForgot() yields (result, message) -- NOTE(review): the message must
// not differ between known and unknown addresses, otherwise this form can be
// used to enumerate accounts; confirm in CAT_Users::handleForgot().
if ($email && $val->sanitize_email($email)) {
    list($result, $message) = CAT_Users::handleForgot($email);
} else {
    $email = '';
}
if (!isset($message)) {
    $message = $val->lang()->translate('Please enter your email address below');
}
$parser->output('account_forgot_form', array('message_class' => $msg_class, 'email' => $email, 'display_form' => $display_form, 'message' => $message));
Example #21
            continue;
        }
        $dir .= '/' . $sub;
        if (file_exists($dir . '/framework/class.secure.php')) {
            include $dir . '/framework/class.secure.php';
            $inc = true;
            break;
        }
    }
    if (!$inc) {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// protect
$backend = CAT_Backend::getInstance('Start', 'start', false, false);
if (!CAT_Users::is_authenticated()) {
    exit;
}
// just to be _really_ sure...
require CAT_PATH . '/framework/CAT/ExceptionHandler.php';
// register exception/error handlers
set_exception_handler(array("CAT_ExceptionHandler", "exceptionHandler"));
set_error_handler(array("CAT_ExceptionHandler", "errorHandler"));
register_shutdown_function(array("CAT_ExceptionHandler", "shutdownHandler"));
include dirname(__FILE__) . '/../data/config.inc.php';
$widget_name = 'Version check';
$error = $version = $newer = $last = $last_version = NULL;
$debug = false;
$doit = true;
if (!CAT_Helper_Validate::sanitizeGet('blackcat_refresh')) {
    $file = CAT_Helper_Directory::sanitizePath(dirname(__FILE__) . '/../data/.last');
    }
}
// Backend entry point for the admin tools: resolves the requested tool from
// GET (or POST), checks the user's permission for it and prepares the template.
// AJAX callers get no HTML header around the output.
$header = CAT_Helper_Validate::sanitizeGet('ajax') ? false : true;
$backend = CAT_Backend::getInstance('admintools', 'admintools', $header);
// legacy alias: older code expects $admin
$admin =& $backend;
$val = CAT_Helper_Validate::getInstance();
// tool name: GET takes precedence, POST is the fallback; the loose == '' also
// catches a NULL default from sanitizeGet()/sanitizePost()
$get_tool = $val->sanitizeGet('tool', NULL, true);
if ($get_tool == '') {
    $get_tool = $val->sanitizePost('tool', NULL, true);
}
if ($get_tool == '') {
    header("Location: index.php");
    exit(0);
}
// check tool permission
// module-level permission for the requested tool; a missing permission is a
// plain redirect back to the overview (no error detail is sent to the client)
if (!CAT_Users::get_permission($get_tool, 'module')) {
    header("Location: index.php");
    exit(0);
}
global $parser;
$parser->setGlobals('CAT_ADMIN_URL', CAT_ADMIN_URL);
// ==============================
// ! Check if tool is installed
// ==============================
// runs after the permission check and redirects identically, so the client
// cannot distinguish "no permission" from "not installed"
if (!CAT_Helper_Addons::isModuleInstalled($get_tool)) {
    header("Location: index.php");
    exit(0);
}
$tool = CAT_Helper_Addons::getAddonDetails($get_tool);
// Set toolname
// NOTE(review): $tpl_data is not initialised in the visible part of this file;
// presumably it is a plain array consumed by the template — confirm. Whether
// $tool['name'] is escaped on output depends on the template, not on this line.
$tpl_data['TOOL_NAME'] = $tool['name'];
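 /**
  * Allows modules to register a file which should be allowed to load the
  * config.php directly (the file is added to the class_secure allow-list).
  *
  * The call is accepted in backend/admin context (backend request, existing
  * $admin object) or while CAT_INSTALL is defined; outside of CAT_INSTALL the
  * caller also needs the modules_install permission. The module must exist
  * below /modules and be registered in the addons table, and the file must
  * exist inside that module's directory. Any failure is logged, stored in
  * self::$error and reported by returning false.
  *
  * @access public
  * @param  string  $module   - module name (directory below /modules, no path separators)
  * @param  string  $filepath - file path relative to the module directory
  * @return bool    true if the file is (or already was) registered
  **/
 public static function sec_register_file($module, $filepath)
 {
     global $admin;
     $self = self::getInstance();
     if (!CAT_Backend::isBackend() && !is_object($admin) && !defined('CAT_INSTALL')) {
         $self->log()->logCrit("sec_register_file() called outside admin context!");
         self::$error = "sec_register_file() called outside admin context!";
         return false;
     }
     // check permissions
     if (!CAT_Users::checkPermission('Addons', 'modules_install') && !defined('CAT_INSTALL')) {
         $self->log()->logCrit("sec_register_file() called without modules_install perms!");
         self::$error = "sec_register_file() called without modules_install perms!";
         return false;
     }
     // the module is addressed by its directory name only; a name carrying a
     // path separator or '..' could point outside /modules, so refuse it before
     // it is used to build any path
     if ($module == '' || preg_match('~[/\\\\]|\.\.~', $module)) {
         $self->log()->logCrit("sec_register_file() called with invalid module name [{$module}]");
         self::$error = "sec_register_file() called with invalid module name [{$module}]";
         return false;
     }
     // this will remove ../.. from $filepath
     $filepath = CAT_Helper_Directory::sanitizePath($filepath);
     if (!is_dir(CAT_PATH . '/modules/' . $module)) {
         $self->log()->logCrit("sec_register_file() called for non existing module [{$module}] (path: [{$filepath}])");
         self::$error = "sec_register_file() called for non existing module [{$module}] (path: [{$filepath}])";
         return false;
     }
     if (!file_exists(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/' . $filepath))) {
         $self->log()->logCrit("sec_register_file() called for non existing file [{$filepath}] (module: [{$module}])");
         self::$error = "sec_register_file() called for non existing file [{$filepath}] (module: [{$module}])";
         return false;
     }
     // only modules known to the addons table may register files
     $q = $self->db()->query('SELECT * FROM `:prefix:addons` WHERE directory=:dir', array('dir' => $module));
     if (!$q->rowCount()) {
         $self->log()->logCrit("sec_register_file() called for non existing module [{$module}] (path: [{$filepath}]) - not found in addons table!");
         self::$error = "sec_register_file() called for non existing module [{$module}] (path: [{$filepath}]) - not found in addons table!";
         return false;
     }
     $row = $q->fetchRow();
     // strip a leading / so the stored path is always /modules/<module>/<file>
     $filepath = preg_replace('~^/~', '', $filepath);
     $secure_path = '/modules/' . $module . '/' . $filepath;
     // an existing entry is left untouched; otherwise the allow-list row is written
     $q = $self->db()->query('SELECT * FROM `:prefix:class_secure` WHERE module=:mod AND filepath=:path', array('mod' => $row['addon_id'], 'path' => $secure_path));
     if (!$q->rowCount()) {
         $self->db()->query('REPLACE INTO `:prefix:class_secure` VALUES ( :id, :path )', array('id' => $row['addon_id'], 'path' => $secure_path));
         return !$self->db()->isError();
     }
     return true;
 }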
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
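// Backend helper for the site guid setting: only members of the admin group
// (group id 1) may run it, and the response must never be cached.
ob_start();
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
// the charset parameter of a media type is written "charset=utf-8"; the former
// "charset:utf-8;" was not valid parameter syntax
header("Content-Type: text/html; charset=utf-8");
$backend = CAT_Backend::getInstance('Settings', 'settings_basic');
// NOTE(review): the group id is compared loosely on purpose here; if
// get_groups_id() returns strings ('1'), a strict in_array() would break this
// check — confirm the return type before tightening it
$curr_user_is_admin = in_array(1, CAT_Users::getInstance()->get_groups_id());
if (!$curr_user_is_admin) {
    echo "<div style='border: 2px solid #CC0000; padding: 5px; text-align: center; background-color: #ffbaba;'>You're not allowed to use this function!</div>";
    exit;
}
$settings = array();
// read the stored guid; $row is initialised so that a failed query leaves the
// later isset() checks with an empty array instead of an undefined variable
// (the double-quoted "guid" is a MySQL string literal unless ANSI_QUOTES is set)
$row = array();
$sql = 'SELECT * FROM `' . CAT_TABLE_PREFIX . 'settings` WHERE name="guid"';
if ($res = $backend->db()->query($sql)) {
    // NOTE(review): MYSQL_ASSOC comes from the legacy mysql extension;
    // presumably the db layer defines or accepts it on PHP 7+ — confirm
    $row = $res->fetchRow(MYSQL_ASSOC);
}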
if (!isset($row['value']) || $row['value'] == '') {
    @(require_once CAT_PATH . '/framework/CAT/Object.php');
    $guid = CAT_Object::createGUID();
    $row['setting_id'] = isset($row['setting_id']) ? $row['setting_id'] : NULL;
    $backend->db()->query('REPLACE INTO `' . CAT_TABLE_PREFIX . 'settings` VALUES("' . $row['setting_id'] . '", "guid", "' . $guid . '")');
} else {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// Frontend-only entry point for the user preferences page. Without frontend
// login there are no preferences to edit, so visitors are sent to the start
// page; users who are not authenticated are sent to the login page.
if (!FRONTEND_LOGIN) {
    $redirect_to = INTRO_PAGE
        ? CAT_URL . PAGES_DIRECTORY . '/index.php'
        : CAT_URL . '/index.php';
    header('Location: ' . $redirect_to);
    exit;
}
// the authentication check is the only gate in front of the preferences form
if (CAT_Users::getInstance()->is_authenticated() === false) {
    header('Location: ' . CAT_URL . '/account/login.php');
    exit;
}
CAT_Helper_Page::getVirtualPage('Preferences');
// the index wrapper renders whatever PAGE_CONTENT points to
define('PAGE_CONTENT', CAT_PATH . '/account/preferences_form.php');
require CAT_PATH . '/index.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// Backend page editor ("modify page"): the page id comes from the request and
// is mandatory; the backend instance is created before any input is read.
$print_info_banner = true;
$backend = CAT_Backend::getInstance('pages', 'pages_modify');
$_bc_user = CAT_Users::getInstance();
$_bc_val = CAT_Helper_Validate::getInstance();
// 'numeric' filter: non-numeric input presumably yields an empty/false value
// that the check below rejects — confirm against CAT_Helper_Validate::get()
$page_id = $_bc_val->get('_REQUEST', 'page_id', 'numeric');
// for backward compatibility
include CAT_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_modify');
// no (or zero) page id: back to the page overview
if (!$page_id) {
    header("Location: index.php");
    exit(0);
}
// always enable CSRF protection in backend; does not work with
// AJAX so scripts called via AJAX should set this constant
if (!defined('CAT_AJAX_CALL')) {
    CAT_Helper_Protect::getInstance()->enableCSRFMagic();
}
// section_id is read the same way as page_id; how it is used lies outside this span
$section_id = $_bc_val->get('_REQUEST', 'section_id', 'numeric');
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
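// AJAX endpoint for page settings: every response, including the early error
// exits, is JSON.
include 'functions.php';
header('Content-type: application/json');
// ===============
// ! check perms
// ===============
$users = CAT_Users::getInstance();
// written as plain negation: the former `!... == true` relied on `!` binding
// before `==`, which reduced to exactly this test
if (!$users->checkPermission('pages', 'pages_settings', false)) {
    // NOTE(review): $backend is not defined in the visible part of this file;
    // presumably functions.php or the secure bootstrap provides it — confirm
    $ajax = array('message' => $backend->lang()->translate('You do not have the permission to do this.'), 'success' => false);
    print json_encode($ajax);
    exit;
}
// ===============
// ! Get page id
// ===============
$val = CAT_Helper_Validate::getInstance();
// 'numeric' filter: the loose == '' below also rejects a NULL/false result —
// what get() returns for non-numeric input is not visible here
$page_id = $val->get('_REQUEST', 'page_id', 'numeric');
if ($page_id == '') {
    $ajax = array('message' => $backend->lang()->translate('Invalid data!'), 'success' => false);
    print json_encode($ajax);
    exit;
}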
 /**
  * Procedural wrapper around CAT_Users::get_user_details(), kept for callers
  * of the old function-style API.
  *
  * @param  mixed $user_id - user id to look up
  * @return mixed whatever CAT_Users::get_user_details() returns
  **/
 function get_user_details($user_id)
 {
     $details = CAT_Users::get_user_details($user_id);
     return $details;
 }
 }
 //**************************************************************************
 // include config.php
 //**************************************************************************
 require_once $config_path . '/config.php';
 //**************************************************************************
 // analyze path to auto-protect backend
 //**************************************************************************
 if (!defined('CAT_LOGIN_PHASE')) {
     $path = isset($_SERVER['SCRIPT_FILENAME']) ? CAT_Helper_Directory::sanitizePath($_SERVER['SCRIPT_FILENAME']) : NULL;
     if ($path) {
         $check = str_replace('/', '\\/', CAT_Helper_Directory::sanitizePath(CAT_ADMIN_PATH));
         if (preg_match('~^' . $check . '~i', $path)) {
             define('CAT_REQUIRE_ADMIN', true);
             if (!CAT_Users::getInstance()->is_authenticated()) {
                 CAT_Users::getInstance()->handleLogin();
                 exit(0);
             }
             // always enable CSRF protection in backend; does not work with
             // AJAX so scripts called via AJAX should set this constant
             if (!defined('CAT_AJAX_CALL')) {
                 //echo "class.secure is calling enableCSRFMagic<br />";
                 CAT_Helper_Protect::getInstance()->enableCSRFMagic();
             }
             global $parser;
             if (!is_object($parser)) {
                 $parser = CAT_Helper_Template::getInstance('Dwoo');
             }
             // initialize template search path
             $parser->setPath(CAT_THEME_PATH . '/templates');
             $parser->setFallbackPath(CAT_THEME_PATH . '/templates');
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// Backend "header files" tab of the page settings: loads the page addressed
// by page_id and fills the template data for the form.
include 'functions.php';
$val = CAT_Helper_Validate::getInstance();
// ===============
// ! Get page id
// ===============
// 'numeric' filter on the request value; a missing or zero id is a redirect
$page_id = $val->get('_REQUEST', 'page_id', 'numeric');
if (!$page_id) {
    header("Location: index.php");
    exit(0);
}
$backend = CAT_Backend::getInstance('Pages', 'pages_settings');
// NOTE(review): nothing here checks that getPage() found the page; an unknown
// id presumably yields notices on $page[...] below — confirm what getPage()
// returns for a missing page
$page = CAT_Helper_Page::getPage($page_id);
$user = CAT_Users::get_user_details($page['modified_by']);
$files = CAT_Helper_Page::getExtraHeaderFiles($page_id);
// ==================================
// ! Add globals to the template data
// ==================================
// NOTE(review): $tpl_data is not initialised in the visible part of this file;
// presumably the template engine consumes it as a plain array — confirm.
// Escaping of these values is the template's responsibility.
$tpl_data['CUR_TAB'] = 'headers';
$tpl_data['PAGE_HEADER'] = $backend->lang()->translate('Modify header files');
$tpl_data['PAGE_ID'] = $page_id;
$tpl_data['PAGE_LINK'] = CAT_Helper_Page::getLink($page['link']);
$tpl_data['PAGE_TITLE'] = $page['page_title'];
$tpl_data['MODIFIED_BY'] = $user['display_name'];
$tpl_data['MODIFIED_BY_USERNAME'] = $user['username'];
// loose != 0 so that a NULL/'' modified_when also counts as "never modified"
$tpl_data['MODIFIED_WHEN'] = $page['modified_when'] != 0 ? CAT_Helper_DateTime::getDateTime($page['modified_when']) : false;
// header file lists default to '' / NULL when the page has none
$tpl_data['page_js'] = isset($files['js']) ? $files['js'] : '';
$tpl_data['page_css'] = isset($files['css']) ? $files['css'] : '';
$tpl_data['use_core'] = isset($files['use_core']) ? $files['use_core'] : NULL;