} //************************************************************************** // include config.php //************************************************************************** require_once $config_path . '/config.php'; //************************************************************************** // analyze path to auto-protect backend //************************************************************************** if (!defined('CAT_LOGIN_PHASE')) { $path = isset($_SERVER['SCRIPT_FILENAME']) ? CAT_Helper_Directory::sanitizePath($_SERVER['SCRIPT_FILENAME']) : NULL; if ($path) { $check = str_replace('/', '\\/', CAT_Helper_Directory::sanitizePath(CAT_ADMIN_PATH)); if (preg_match('~^' . $check . '~i', $path)) { define('CAT_REQUIRE_ADMIN', true); if (!CAT_Users::getInstance()->is_authenticated()) { CAT_Users::getInstance()->handleLogin(); exit(0); } // always enable CSRF protection in backend; does not work with // AJAX so scripts called via AJAX should set this constant if (!defined('CAT_AJAX_CALL')) { //echo "class.secure is calling enableCSRFMagic<br />"; CAT_Helper_Protect::getInstance()->enableCSRFMagic(); } global $parser; if (!is_object($parser)) { $parser = CAT_Helper_Template::getInstance('Dwoo'); } // initialize template search path $parser->setPath(CAT_THEME_PATH . '/templates'); $parser->setFallbackPath(CAT_THEME_PATH . '/templates');
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } include 'functions.php'; header('Content-type: application/json'); // =============== // ! check perms // =============== $users = CAT_Users::getInstance(); if (!$users->checkPermission('pages', 'pages_settings', false) == true) { $ajax = array('message' => $backend->lang()->translate('You do not have the permission to do this.'), 'success' => false); print json_encode($ajax); exit; } // =============== // ! Get page id // =============== $val = CAT_Helper_Validate::getInstance(); $page_id = $val->get('_REQUEST', 'page_id', 'numeric'); if ($page_id == '') { $ajax = array('message' => $backend->lang()->translate('Invalid data!'), 'success' => false); print json_encode($ajax); exit; }
if (!$page_id) { header("Location: index.php"); exit(0); } // ============= // ! Get perms // ============= if (CAT_Helper_Page::getPagePermission($page_id, 'admin') !== true) { $backend->print_error('You do not have permissions to modify this page!'); } // ================= // ! Get new content // ================= $content = $val->sanitizePost('content' . $section_id); // for non-admins only if (!CAT_Users::getInstance()->ami_group_member(1)) { // if HTMLPurifier is enabled... $r = $backend->db()->get_one('SELECT * FROM `' . CAT_TABLE_PREFIX . 'mod_wysiwyg_admin_v2` WHERE set_name="enable_htmlpurifier" AND set_value="1"'); if ($r) { // use HTMLPurifier to clean up the output $content = CAT_Helper_Protect::getInstance()->purify($content, array('Core.CollectErrors' => true)); } } else { $content = $val->add_slashes($content); } /** * searching in $text will be much easier this way */ $text = umlauts_to_entities(strip_tags($content), strtoupper(DEFAULT_CHARSET), 0); /** * save
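/**
 * Validator for the "auth_max_login_length" setting.
 *
 * The limit may only be changed if no existing account has a username that
 * is longer than the new value; otherwise those users could no longer log in.
 *
 * @param mixed $value    requested new maximum (forced to int in the query)
 * @param mixed $oldvalue currently stored maximum
 * @return mixed $value when the change is acceptable, $oldvalue otherwise
 **/
function check_auth_max_login_length($value, $oldvalue)
{
    global $database, $err_msg;

    // %d forces an integer, so $value cannot inject into the statement
    $sql = sprintf(
        'select count(*) as cnt from `%susers` where char_length(username)>%d',
        CAT_TABLE_PREFIX,
        $value
    );
    $result = $database->query($sql);

    // Fail closed: if the check itself cannot run we cannot prove the new
    // limit is safe, so keep the old one. The original called numRows() on
    // the result unconditionally and fataled on a false/null return.
    if (!$result) {
        $err_msg[] = CAT_Users::getInstance()->lang()->translate(
            'The max. Login name length could not be saved.'
        );
        return $oldvalue;
    }

    if ($result->numRows()) {
        $row = $result->fetchRow(MYSQL_ASSOC);
        if ($row['cnt'] > 0) {
            $err_msg[] = CAT_Users::getInstance()->lang()->translate(
                'The max. Login name length could not be saved. There is/are {{ count }} user/s that have longer names.',
                array('count' => $row['cnt'])
            );
            return $oldvalue;
        }
    }
    return $value;
}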
$root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } // this one is only used for the frontend! if (!FRONTEND_LOGIN) { // no frontend login, no preferences if (INTRO_PAGE) { die(header('Location: ' . CAT_URL . PAGES_DIRECTORY . '/index.php')); } else { die(header('Location: ' . CAT_URL . '/index.php')); } } // check if user is authenticated if (CAT_Users::getInstance()->is_authenticated() === false) { die(header('Location: ' . CAT_URL . '/account/login.php')); } CAT_Helper_Page::getVirtualPage('Preferences'); /** * Set the page content include file */ define('PAGE_CONTENT', CAT_PATH . '/account/preferences_form.php'); /** * Include the index (wrapper) file */ require CAT_PATH . '/index.php';
} else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $print_info_banner = true; $backend = CAT_Backend::getInstance('pages', 'pages_modify'); $_bc_user = CAT_Users::getInstance(); $_bc_val = CAT_Helper_Validate::getInstance(); $page_id = $_bc_val->get('_REQUEST', 'page_id', 'numeric'); // for backward compatibility include CAT_PATH . '/framework/class.admin.php'; $admin = new admin('Pages', 'pages_modify'); if (!$page_id) { header("Location: index.php"); exit(0); } // always enable CSRF protection in backend; does not work with // AJAX so scripts called via AJAX should set this constant if (!defined('CAT_AJAX_CALL')) { CAT_Helper_Protect::getInstance()->enableCSRFMagic(); } $section_id = $_bc_val->get('_REQUEST', 'section_id', 'numeric');
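*
 */
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    // Walk up at most ten directory levels to find the framework bootstrap
    $root  = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}

// Field names the login template renders and handleLogin() reads back
$username_fieldname = 'username';
$password_fieldname = 'password';

// handleLogin(false): process a submitted login without redirecting itself;
// it hands back the target URL (or false) and the redirect is issued here.
$redirect = CAT_Users::getInstance()->handleLogin(false);
$error    = CAT_Users::getInstance()->loginError();

if ($redirect) {
    header('Location: ' . $redirect);
    // Stop here. The original fell through and still rendered the login form
    // after the redirect header: wasted work, and the form body is sent to
    // any client that chooses not to follow the redirect. Other accessor
    // files in this code base use header() + exit for the same purpose.
    exit(0);
}

// $val is not defined in this file; class.secure.php may publish it as a
// global, so only fall back to the validator singleton when it is missing.
if (!isset($val)) {
    $val = CAT_Helper_Validate::getInstance();
}

// NOTE(review): the redirect target comes straight from the request and is
// echoed back into the form as-is. Whatever consumes it after a successful
// login must restrict it to a local path / same-origin URL, otherwise this
// is an open redirect.
$redirect_url = $val->sanitizeGet('redirect') != '' ? $val->sanitizeGet('redirect') : $val->sanitizePost('redirect');

global $parser;
// Prefer the frontend template's own login form, fall back to the default one
$parser->setPath(CAT_PATH . '/templates/' . DEFAULT_TEMPLATE . '/templates/' . CAT_Registry::get('DEFAULT_THEME_VARIANT'));
$parser->setFallbackPath(dirname(__FILE__) . '/templates/default');
$parser->output('account_login_form', array(
    'message'            => $error,
    'username_fieldname' => $username_fieldname,
    'password_fieldname' => $password_fieldname,
    'redirect_url'       => $redirect_url ? $redirect_url : '',
));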
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } ob_start(); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); header("Content-Type: text/html; charset:utf-8;"); $backend = CAT_Backend::getInstance('Settings', 'settings_basic'); $curr_user_is_admin = in_array(1, CAT_Users::getInstance()->get_groups_id()); if (!$curr_user_is_admin) { echo "<div style='border: 2px solid #CC0000; padding: 5px; text-align: center; background-color: #ffbaba;'>You're not allowed to use this function!</div>"; exit; } $settings = array(); $sql = 'SELECT * FROM `' . CAT_TABLE_PREFIX . 'settings` WHERE name="guid"'; if ($res = $backend->db()->query($sql)) { $row = $res->fetchRow(MYSQL_ASSOC); } if (!isset($row['value']) || $row['value'] == '') { @(require_once CAT_PATH . '/framework/CAT/Object.php'); $guid = CAT_Object::createGUID(); $row['setting_id'] = isset($row['setting_id']) ? $row['setting_id'] : NULL; $backend->db()->query('REPLACE INTO `' . CAT_TABLE_PREFIX . 'settings` VALUES("' . $row['setting_id'] . '", "guid", "' . $guid . '")'); } else {
* @package CAT_Core
 *
 */

// Marks this request as the login phase. class.secure.php checks this constant
// and (presumably, see its "auto-protect backend" branch) skips the
// is_authenticated() gate so the login endpoint itself stays reachable.
define('CAT_LOGIN_PHASE', 1);

if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    // Walk up at most ten directory levels to find the framework bootstrap
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}

// Brute-force throttle. NOTE(review): the attempt counter is read from the
// session, so a client that simply drops its cookie starts again at zero;
// this slows a naive attacker only. An IP- or username-keyed counter on the
// server side would be needed for real lockout.
if (CAT_Helper_Validate::getInstance()->fromSession('ATTEMPTS') > MAX_ATTEMPTS) {
    // Too many attempts: send the client to a static warning page
    $redirect = CAT_URL . '/templates/' . DEFAULT_THEME . '/templates/warning.html';
    $ajax = array('url' => $redirect, 'success' => true, 'message' => NULL);
} else {
    // NOTE(review): CSRF protection is deliberately switched off on this AJAX
    // login endpoint (the enableCSRFMagic() call is commented out). Login
    // CSRF is low impact, but revisit if the AJAX layer can carry a token.
    #CAT_Helper_Protect::getInstance()->enableCSRFMagic();
    $redirect = CAT_Users::getInstance()->handleLogin();
    $error = CAT_Users::getInstance()->loginError();
    // "success" reflects the session state after handleLogin(), not whether a
    // redirect URL was produced; the error message is only attached on failure.
    $ajax = array('url' => $redirect, 'success' => CAT_Users::getInstance()->is_authenticated(), 'message' => $redirect === false || $error ? $error : NULL);
}

header('Content-type: application/json');
print json_encode($ajax);
exit;
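/**
 * identify the page to show
 *
 * Resolution order: maintenance page (for non-root users while the system is
 * in maintenance mode), intro page, the $page_id already set by the accessor
 * file, short-URL lookup, and finally the default page. Defines PAGE_ID once
 * a page id is known.
 *
 * @access public
 * @param boolean $no_intro  skip the intro page even if one is configured
 * @return boolean|int  the resolved page id, or false after emitting the intro page
 **/
public static function selectPage($no_intro = false)
{
    global $page_id; // may be set by accessor file

    // check if the system is in maintenance mode
    if (self::isMaintenance()) {
        // admin can still see any page
        if (!CAT_Users::getInstance()->is_root()) {
            if (!CAT_Registry::exists('MAINTENANCE_PAGE')) {
                $result = CAT_Registry::getInstance()->db()->query('SELECT `value` FROM `:prefix:settings` WHERE `name`="maintenance_page"');
                // The original tested is_resource($result) and then called a
                // method on it; a resource has no methods, so that condition
                // could never hold and the page was never registered. Accept
                // any non-false statement handle instead.
                if ($result && $result->rowCount() == 1) {
                    $row = $result->fetch();
                    // The query selects the `value` column; the original read
                    // $row['maintenance_page'], a key that is not in the row.
                    CAT_Registry::register('MAINTENANCE_PAGE', $row['value'], true);
                }
            }
            // NOTE(review): if no maintenance page is configured this still
            // references an undefined constant; falling through to the
            // requested page instead would defeat the lockout, so it is left
            // as-is rather than silently relaxed.
            $page_id = MAINTENANCE_PAGE;
        }
    }

    // check if intro page to show
    if (INTRO_PAGE && !$no_intro && (!isset($page_id) || !is_numeric($page_id))) {
        // Get intro page content
        $filename = CAT_PATH . PAGES_DIRECTORY . '/intro' . PAGE_EXTENSION;
        if (file_exists($filename)) {
            $handle  = @fopen($filename, "r");
            $content = @fread($handle, filesize($filename));
            @fclose($handle);
            CAT_Helper_Page::preprocess($content);
            header("Location: " . CAT_URL . PAGES_DIRECTORY . "/intro" . PAGE_EXTENSION . ""); // send intro.php as header to allow parsing of php statements
            echo $content;
            return false;
        }
    }

    // search: no explicit page id, resolve via short URL or default page
    if (!$page_id) {
        if (CAT_Registry::get('USE_SHORT_URLS') && isset($_SERVER['REDIRECT_QUERY_STRING'])) {
            // REDIRECT_QUERY_STRING is request-controlled; getPageByPath is
            // expected to treat it as an untrusted path, not as SQL
            $page_id = CAT_Helper_Page::getPageByPath('/' . $_SERVER['REDIRECT_QUERY_STRING']);
        } else {
            $page_id = self::getDefaultPage();
        }
    }

    if (!defined('PAGE_ID')) {
        define('PAGE_ID', $page_id);
    }
    return $page_id;
}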
$level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } header('Content-type: application/json'); $backend = CAT_Backend::getInstance('admintools', 'blackcatFilter', false, false); $val = CAT_Helper_Validate::getInstance(); $error = NULL; if (!CAT_Users::getInstance()->checkPermission('admintools', 'blackcatFilter')) { $ajax = array('message' => $backend->lang()->translate('You do not have permissions to modify this page'), 'success' => false); print json_encode($ajax); exit; } $filter = $val->get('_REQUEST', 'filter'); $action = $val->get('_REQUEST', 'action'); // filter to activate/deactivate? if ($action != 'delete') { $value = $action == 'activate' ? 'Y' : 'N'; $backend->db()->query(sprintf("UPDATE `%smod_filter` SET filter_active='%s' WHERE filter_name='%s'", CAT_TABLE_PREFIX, $value, $filter)); if ($backend->db()->isError()) { $error = $backend->db()->getError(); } } else { $res = $backend->db()->query(sprintf("SELECT * FROM `%smod_filter` WHERE filter_name='%s'", CAT_TABLE_PREFIX, $filter));
/**
 * Print the admin header
 *
 * Collects everything the backend "header" template needs (permissions of the
 * current user, the page tree, add-on lists, metadata, main menu entries and
 * the preferences button) into $tpl_data and renders it through $parser.
 * Output is sent directly; nothing is returned.
 *
 * @access public
 * @return void
 */
public function print_header()
{
    global $parser;
    $tpl_data = array();
    $addons = CAT_Helper_Addons::getInstance();
    $user = CAT_Users::getInstance();

    // Connect to database and get website title (cached in the registry)
    if (!CAT_Registry::exists('WEBSITE_TITLE')) {
        $title = $this->db()->query("SELECT `value` FROM `:prefix:settings` WHERE `name`='website_title'")->fetchColumn();
        CAT_Registry::define('WEBSITE_TITLE', $title, true);
    }

    // check current URL for page tree
    $uri = CAT_Helper_Validate::get('_SERVER', 'SCRIPT_NAME');

    // init template search paths
    self::initPaths();

    // =================================
    // ! Add permissions to $tpl_data
    // =================================
    // Third argument false: query only, do not abort/redirect on a missing permission
    $tpl_data['permission']['pages'] = $user->checkPermission('pages', 'pages', false);
    $tpl_data['permission']['pages_add'] = $user->checkPermission('pages', 'pages_add', false);
    $tpl_data['permission']['pages_add_l0'] = $user->checkPermission('pages', 'pages_add_l0', false);
    $tpl_data['permission']['pages_modify'] = $user->checkPermission('pages', 'pages_modify', false);
    $tpl_data['permission']['pages_delete'] = $user->checkPermission('pages', 'pages_delete', false);
    $tpl_data['permission']['pages_settings'] = $user->checkPermission('pages', 'pages_settings', false);
    $tpl_data['permission']['pages_intro'] = $user->checkPermission('pages', 'pages_intro', false) != true || INTRO_PAGE != 'enabled' ? false : true;

    // The page tree and the "add page" form are only built for users who may see pages at all
    if ($tpl_data['permission']['pages'] == true) {
        $tpl_data['DISPLAY_MENU_LIST'] = CAT_Registry::get('MULTIPLE_MENUS') != false ? true : false;
        $tpl_data['DISPLAY_LANGUAGE_LIST'] = CAT_Registry::get('PAGE_LANGUAGES') != false ? true : false;
        $tpl_data['DISPLAY_SEARCHING'] = CAT_Registry::get('SEARCH') != false ? true : false;

        // ==========================
        // ! Get info for pagesTree
        // ==========================
        $pages = CAT_Helper_Page::getPages(true);
        $sections = CAT_Helper_Page::getSections();

        // create LI content for ListBuilder; the section summary is appended
        // to the page title (rendered by the backend_pagetree_item template)
        foreach ($pages as $i => $page) {
            if (isset($sections[$page['page_id']]) && count($sections[$page['page_id']])) {
                $page['page_title'] .= "\n" . count($sections[$page['page_id']]) . ' ' . $user->lang()->translate('active sections') . ':';
                foreach ($sections[$page['page_id']] as $block_id => $section) {
                    foreach ($section as $item) {
                        $page['page_title'] .= "\n" . $item['module'] . ' (ID:' . $item['section_id'] . ')';
                    }
                }
            }
            // tree links point at lang_settings only when that is the current script
            $text = $parser->get('backend_pagetree_item', array_merge($page, array('action' => pathinfo($uri, PATHINFO_FILENAME) == 'lang_settings' ? 'lang_settings' : 'modify')));
            $pages[$i]['text'] = $text;
        }

        // list of first level of pages
        $tpl_data['pages'] = CAT_Helper_ListBuilder::getInstance()->config(array('__li_level_css' => true, '__li_id_prefix' => 'pageid_', '__li_css_prefix' => 'fc_page_', '__li_has_child_class' => 'fc_expandable', '__is_open_key' => 'be_tree_is_open', '__li_is_open_class' => 'fc_tree_open', '__li_is_closed_class' => 'fc_tree_close', '__title_key' => 'text'))->tree($pages, 0);

        // number of editable pages (for current user)
        $tpl_data['pages_editable'] = CAT_Helper_Page::getEditable();

        // ==========================================
        // ! Get info for the form to add new pages
        // ==========================================
        $tpl_data['templates'] = $addons->get_addons(CAT_Registry::get('DEFAULT_TEMPLATE'), 'template', 'template');
        $tpl_data['languages'] = $addons->get_addons(CAT_Registry::get('DEFAULT_LANGUAGE'), 'language');
        $tpl_data['modules'] = $addons->get_addons('wysiwyg', 'module', 'page');
        $tpl_data['groups'] = $user->get_groups();

        // ===========================================
        // ! Check and set permissions for templates
        // ===========================================
        foreach ($tpl_data['templates'] as $key => $template) {
            $tpl_data['templates'][$key]['permissions'] = $user->get_permission($template['VALUE'], 'template') ? true : false;
        }
    }

    // =========================
    // ! Add Metadatas to Dwoo
    // =========================
    $tpl_data['META']['CHARSET'] = true === defined('DEFAULT_CHARSET') ? DEFAULT_CHARSET : 'utf-8';
    $tpl_data['META']['LANGUAGE'] = strtolower(CAT_Registry::get('LANGUAGE'));
    $tpl_data['META']['WEBSITE_TITLE'] = WEBSITE_TITLE;
    $tpl_data['CAT_VERSION'] = CAT_Registry::get('CAT_VERSION');
    $tpl_data['CAT_CORE'] = CAT_Registry::get('CAT_CORE');
    $tpl_data['PAGE_EXTENSION'] = CAT_Registry::get('PAGE_EXTENSION');

    // Translate PHP date()/time() format letters into the picker's notation.
    // NOTE(review): str_replace applies the pairs sequentially, so the 'jS'
    // rule can never match once 'j' has already been rewritten - verify
    // whether 'jS' is still expected to work.
    $date_search = array('Y', 'j', 'n', 'jS', 'l', 'F');
    $date_replace = array('yy', 'y', 'm', 'd', 'DD', 'MM');
    $tpl_data['DATE_FORMAT'] = str_replace($date_search, $date_replace, CAT_Registry::get('CAT_DATE_FORMAT'));
    $time_search = array('H', 'i', 's', 'g');
    $time_replace = array('hh', 'mm', 'ss', 'h');
    $tpl_data['TIME_FORMAT'] = str_replace($time_search, $time_replace, CAT_Registry::get('TIME_FORMAT'));

    // session cookie name, exposed to the template (e.g. for AJAX calls)
    $tpl_data['SESSION'] = session_name();
    $tpl_data['HEAD']['SECTION_NAME'] = $this->lang()->translate(strtoupper(self::$instance->section_name));
    $tpl_data['DISPLAY_NAME'] = $user->get_display_name();
    // NOTE(review): this hands the full user record to the template; make sure
    // the header template never echoes credential fields from it.
    $tpl_data['USER'] = $user->get_user_details($user->get_user_id());

    // ===================================================================
    // ! Add arrays for main menu, options menu and the Preferences-Button
    // ===================================================================
    // 'permission' controls visibility only; each target script does its own check
    $tpl_data['MAIN_MENU'] = array();
    $tpl_data['MAIN_MENU'][0] = array('link' => CAT_ADMIN_URL . '/start/index.php', 'title' => $this->lang()->translate('Start'), 'permission_title' => 'start', 'permission' => $user->checkPermission('start', 'start') ? true : false, 'current' => 'start' == strtolower($this->section_name) ? true : false);
    $tpl_data['MAIN_MENU'][1] = array('link' => CAT_ADMIN_URL . '/media/index.php', 'title' => $this->lang()->translate('Media'), 'permission_title' => 'media', 'permission' => $user->checkPermission('media', 'media') ? true : false, 'current' => 'media' == strtolower($this->section_name) ? true : false);
    $tpl_data['MAIN_MENU'][2] = array('link' => CAT_ADMIN_URL . '/settings/index.php', 'title' => $this->lang()->translate('Settings'), 'permission_title' => 'settings', 'permission' => $user->checkPermission('settings', 'settings') ? true : false, 'current' => 'settings' == strtolower($this->section_name) ? true : false);
    $tpl_data['MAIN_MENU'][3] = array('link' => CAT_ADMIN_URL . '/addons/index.php', 'title' => $this->lang()->translate('Addons'), 'permission_title' => 'addons', 'permission' => $user->checkPermission('addons', 'addons') ? true : false, 'current' => 'addons' == strtolower($this->section_name) ? true : false);
    $tpl_data['MAIN_MENU'][4] = array('link' => CAT_ADMIN_URL . '/admintools/index.php', 'title' => $this->lang()->translate('Admin-Tools'), 'permission_title' => 'admintools', 'permission' => $user->checkPermission('admintools', 'admintools') ? true : false, 'current' => 'admintools' == strtolower($this->section_name) ? true : false);
    $tpl_data['MAIN_MENU'][5] = array('link' => CAT_ADMIN_URL . '/users/index.php', 'title' => $this->lang()->translate('Access'), 'permission_title' => 'access', 'permission' => $user->checkPermission('access', 'access') ? true : false, 'current' => 'access' == strtolower($this->section_name) ? true : false);

    // =======================================
    // ! Seperate access-link by permissions
    // =======================================
    // users management wins over groups management when the user has both
    if ($user->get_permission('users')) {
        $tpl_data['MAIN_MENU'][5]['link'] = CAT_ADMIN_URL . '/users/index.php';
    } elseif ($user->get_permission('groups')) {
        $tpl_data['MAIN_MENU'][5]['link'] = CAT_ADMIN_URL . '/groups/index.php';
    }

    $tpl_data['PREFERENCES'] = array('link' => CAT_ADMIN_URL . '/preferences/index.php', 'title' => $this->lang()->translate('Preferences'), 'permission_title' => 'preferences', 'permission' => $this->get_link_permission('preferences') ? true : false, 'current' => 'preferences' == strtolower($this->section_name) ? true : false);
    $tpl_data['section_name'] = strtolower($this->section_name);

    // page_id from GET, else POST; the 'numeric' lookup only gates the choice,
    // the value handed to the template is the unfiltered sanitize* result.
    // NOTE(review): confirm both calls read the same source so a non-numeric
    // value cannot slip through the gate.
    $tpl_data['page_id'] = CAT_Helper_Validate::sanitizeGet('page_id', 'numeric') && CAT_Helper_Validate::sanitizeGet('page_id') != '' ? CAT_Helper_Validate::sanitizeGet('page_id') : (CAT_Helper_Validate::sanitizePost('page_id', 'numeric') && CAT_Helper_Validate::sanitizePost('page_id') != '' ? CAT_Helper_Validate::sanitizePost('page_id') : false);

    // ====================
    // ! Parse the header
    // ====================
    $parser->output('header', $tpl_data);
}