// Saves an edited user group (excerpt): checks the form token and the group id,
// then writes the group name and permission sets back to the groups table.
// NOTE(review): the third constructor argument is false; presumably this keeps
// the header from being printed before the token check runs - confirm in
// class.admin.php.
$admin = new admin('Access', 'groups_modify', false);
// Create a javascript back link
$js_back = ADMIN_URL . '/groups/index.php';
// checkFTAN() gates the request on the form token (presumably the anti-CSRF
// token issued with the edit form - confirm).
// NOTE(review): everything below relies on print_error() ending the request;
// if it can return, the update would still run after a failed check.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// Check that group_id is a valid number and does not equal 1.
// intval() forces an integer, and "< 2" rejects 0, 1 and negative ids.
$group_id = intval($admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD']));
if ($group_id < 2) {
    // if($admin_header) { $admin->print_header(); }
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// Gather details entered
$group_name = $admin->get_post_escaped('group_name');
// Check values
if ($group_name == "") {
    $admin->print_error($MESSAGE['GROUPS_GROUP_NAME_BLANK'], $js_back);
}
// After check print the header
$admin->print_header();
// Get system permissions
// NOTE(review): $system_permissions, $module_permissions and
// $template_permissions are not assigned in this excerpt; presumably the
// included file builds them from the request - confirm that it also escapes
// or constrains them before they are used below.
require_once ADMIN_PATH . '/groups/get_permissions.php';
// Update the database
// The statement is assembled by string interpolation, so it is only as safe as
// the handling of each value: $group_id is an integer, $group_name comes from
// get_post_escaped(), and the three permission strings depend on
// get_permissions.php.
// NOTE(review): a bound-parameter query would remove that dependency if the
// database class offers one - confirm.
$query = "UPDATE `" . TABLE_PREFIX . "groups` SET `name` = '{$group_name}', `system_permissions` = '{$system_permissions}', `module_permissions` = '{$module_permissions}', `template_permissions` = '{$template_permissions}' WHERE `group_id` = '{$group_id}'";
$database->query($query);
if ($database->is_error()) {
    // NOTE(review): the raw database error text is passed to the page output;
    // consider logging it and showing a generic message instead.
    $admin->print_error($database->get_error());
} else {
    $admin->print_success($MESSAGE['GROUPS_SAVED'], ADMIN_URL . '/groups/index.php');
* @lastmodified $Date: 2015-04-27 10:02:19 +0200 (Mo, 27. Apr 2015) $
*
*/
// Handles the "save" post of the media settings (excerpt; the enclosing
// if-block continues past the end of this view).
require '../../config.php';
$admin = new admin('Media', 'media', false);
// Include the WB functions file
// check if theme language file exists for the language set by the user (e.g. DE, EN)
// NOTE(review): LANGUAGE is concatenated into an include path; this assumes the
// constant is restricted to a plain language code where it is defined - confirm.
if (!file_exists(THEME_PATH . '/languages/' . LANGUAGE . '.php')) {
    // no theme language file exists for the language set by the user, include default theme language file EN.php
    require_once THEME_PATH . '/languages/EN.php';
} else {
    // a theme language file exists for the language defined by the user, load it
    require_once THEME_PATH . '/languages/' . LANGUAGE . '.php';
}
//Save post vars to the parameters file
if (!is_null($admin->get_post_escaped("save"))) {
    // NOTE(review): the form-token check below is commented out, so this
    // state-changing branch runs without the checkFTAN() validation shown in the
    // comment. Confirm whether the token is validated elsewhere for this
    // request; if not, re-enable the check.
    /*
    if (!$admin->checkFTAN())
    {
    $admin->print_error('::'.$MESSAGE['GENERIC_SECURITY_ACCESS'],'browse.php',false);
    }
     */
    // NOTE(review): the literal ' wb_theme' starts with a space, so as written
    // this comparison is also true when DEFAULT_THEME is 'wb_theme' - confirm
    // the intended value.
    if (DEFAULT_THEME != ' wb_theme') {
        //Check for existing settings entry, if not existing, create a record first!
        // NOTE(review): this tests the return value of query(), not the number of
        // rows; whether an empty result counts as "not existing" depends on the
        // database class - confirm.
        if (!$database->query("SELECT * FROM " . TABLE_PREFIX . "settings where `name`='mediasettings'")) {
            $database->query("INSERT INTO " . TABLE_PREFIX . "settings (`name`,`value`) VALUES ('mediasettings','')");
        }
    } else {
        $pathsettings = array();
    }
    $dirs = directory_list(WB_PATH . MEDIA_DIRECTORY);
}
// end include class.secure.php
// Collects and validates the posted fields of an edited user account (excerpt).
// NOTE(review): no form-token (CSRF) validation is visible in this excerpt;
// confirm it happens in class.secure.php or in the admin constructor.
require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Access', 'users_modify');
// Check that the user id is a valid number and does not equal 1.
// NOTE(review): is_numeric() also accepts decimal and exponent notation, and
// $user_id keeps the raw posted string; confirm it is cast to an integer
// before it reaches a query.
if (!isset($_POST['user_id']) or !is_numeric($_POST['user_id']) or $_POST['user_id'] == 1) {
    header("Location: index.php");
    exit(0);
} else {
    $user_id = $_POST['user_id'];
}
// Gather details entered
// NOTE(review): the posted group values are joined as-is, with no per-element
// validation or escaping here, and implode() assumes $_POST['groups'] is an
// array. Confirm each element is reduced to an integer id before the list is
// stored.
$groups_id = isset($_POST['groups']) ? implode(",", $_POST['groups']) : '';
// NOTE(review): $_POST['active'] is read without an isset() check, and
// addslashes() is not connection-aware escaping - confirm how $active is used.
$active = addslashes($_POST['active'][0]);
// The name of the POST field that carries the username is itself taken from
// the request; it is HTML-encoded and stripped of "[[" / "]]" before use.
$username_fieldname = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post('username_fieldname'), ENT_QUOTES));
$username = $admin->get_post_escaped($username_fieldname);
// Passwords are read unescaped; presumably they are only compared and hashed
// further down (not visible here) - confirm they never reach a query as text.
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post('display_name'), ENT_QUOTES));
$email = $admin->get_post_escaped('email');
$home_folder = $admin->get_post_escaped('home_folder');
// Check values
if ($groups_id == "") {
    $admin->print_error($MESSAGE['USERS_NO_GROUP'], 'index.php');
}
if (strlen($username) < 3) {
    $admin->print_error($MESSAGE['USERS_USERNAME_TOO_SHORT'], 'index.php');
}
// Allowlist for usernames: a letter followed by at least two characters from
// letters, digits, "@", ".", "_" and "-" (the class also admits a backslash).
// NOTE(review): "$" without the D modifier also matches before a final newline;
// "\z" would anchor strictly at the end of the string.
if (!preg_match('/^[a-z]{1}[a-z0-9@\\._-]{2,}$/i', $username)) {
    $admin->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'], 'index.php');
}
$admin->print_header();
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// The lines above are the tail of a check that starts outside this excerpt.
// What follows collects and validates the posted fields of an edited user
// account.
// After check print the header
$admin->print_header();
// Check that the user id is a valid number and does not equal 1.
// NOTE(review): is_numeric() also accepts decimal and exponent notation, and
// $user_id keeps the raw posted string; confirm it is cast to an integer
// before it reaches a query.
if (!isset($_POST['user_id']) or !is_numeric($_POST['user_id']) or $_POST['user_id'] == 1) {
    header("Location: index.php");
    exit(0);
} else {
    $user_id = $_POST['user_id'];
}
// Gather details entered
// NOTE(review): add_slashes() is handed the posted groups value directly;
// presumably it escapes each array element - confirm, and confirm the elements
// are reduced to integer ids before the list is stored.
$groups_id = isset($_POST['groups']) ? implode(",", $admin->add_slashes($_POST['groups'])) : '';
// NOTE(review): $_POST['active'] is read without an isset() check.
$active = $admin->add_slashes($_POST['active'][0]);
// The name of the POST field that carries the username is itself taken from
// the request.
$username_fieldname = $admin->get_post_escaped('username_fieldname');
$username = strtolower($admin->get_post_escaped($username_fieldname));
// Passwords are read unescaped; presumably they are only compared and hashed
// further down (not visible here) - confirm they never reach a query as text.
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = $admin->get_post_escaped('display_name');
$email = $admin->get_post_escaped('email');
$home_folder = $admin->get_post_escaped('home_folder');
// Check values
if ($groups_id == "") {
    $admin->print_error($MESSAGE['USERS_NO_GROUP'], $js_back);
}
// Allowlist for usernames: a letter followed by at least two characters from
// letters, digits, "_" and "-"; one error message covers both bad characters
// and too-short names.
// NOTE(review): "$" without the D modifier also matches before a final newline;
// "\z" would anchor strictly at the end of the string.
if (!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
    $admin->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'] . ' / ' . $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
}
// A password is only checked when one was entered.
if ($password != "") {
    // NOTE(review): the threshold tested here is 2 characters, which is very
    // low if this is the only length rule applied to passwords - confirm the
    // policy against the rest of the handler.
    if (strlen($password) < 2) {
* @copyright WBCE Project (2015-)
* @license GNU GPL2 (or any later version)
*/
// Reads and constrains the posted fields for creating a new page (excerpt).
// Create new admin object and print admin header
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Pages', 'pages_add', false);
// The form token is checked before any posted value is read.
// NOTE(review): this relies on print_error() ending the request; if it can
// return, the rest of the handler would still run after a failed check.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Get values
$title = $admin->get_post_escaped('title');
// The title is HTML-encoded after escaping, so the encoded form is what gets
// carried forward. htmlspecialchars() is called with its default flags, and
// whether single quotes are encoded by default depends on the PHP version.
$title = htmlspecialchars($title);
// Allowlist: everything except letters, digits, "_" and "-" is removed from the
// module type, which also removes path separators and dots.
$module = preg_replace('/[^a-z0-9_-]/i', "", $admin->get_post('type')); // fix secunia 2010-93-4
// The parent id is forced to an integer.
$parent = intval($admin->get_post('parent')); // fix secunia 2010-91-2
// Visibility is limited to the five known values; anything else becomes 'public'.
// NOTE(review): in_array() is called without the strict flag; passing true as
// the third argument would make the comparison type-safe.
$visibility = $admin->get_post('visibility');
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {
    $visibility = 'public';
} // fix secunia 2010-91-2
// NOTE(review): the two group lists are read unescaped and unvalidated here;
// presumably they are arrays of group ids - confirm they are reduced to
// integers before being stored.
$admin_groups = $admin->get_post('admin_groups');
$viewing_groups = $admin->get_post('viewing_groups');
// Work-out if we should check for existing page_code
$field_set = $database->field_exists(TABLE_PREFIX . 'pages', 'page_code');
// add Admin to admin and viewing-groups
{
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
*/
// The lines above close a commented-out check whose condition lies outside
// this excerpt. What follows reads and constrains the posted page settings.
$pagetree_url = ADMIN_URL . '/pages/index.php';
// $page_id is set before this excerpt; NOTE(review): confirm it is an integer
// by the time it is appended to the URL.
$target_url = ADMIN_URL . '/pages/settings.php?page_id=' . $page_id;
// The form token is checked before any posted value is read.
// NOTE(review): this relies on print_error() ending the request; if it can
// return, the rest of the handler would still run after a failed check.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $target_url);
}
// After check print the header
$admin->print_header();
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Get values
// Each text field is escaped, then HTML-encoded, then stripped of "[[" and
// "]]" (presumably so posted text cannot embed the CMS's [[...]] placeholders -
// confirm). htmlspecialchars() runs with its default flags, and whether single
// quotes are encoded by default depends on the PHP version.
// NOTE(review): HTML-encoding is applied on top of already-escaped text, which
// mixes two output contexts; confirm the stored form is what templates expect.
$page_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('page_title')));
$menu_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('menu_title')));
$the_link = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('link')));
// page_code and parent are forced to integers.
$page_code = intval($admin->get_post('page_code'));
$description = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('description'))));
$keywords = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('keywords'))));
$parent = intval($admin->get_post('parent')); // fix secunia 2010-91-3
// Visibility is limited to the five known values; anything else becomes 'public'.
// NOTE(review): in_array() is called without the strict flag; passing true as
// the third argument would make the comparison type-safe.
$visibility = $admin->get_post_escaped('visibility');
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {
    $visibility = 'public';
} // fix secunia 2010-93-3
// Allowlist: everything except letters, digits, "_" and "-" is removed from the
// template name, which also removes path separators and dots.
$template = preg_replace('/[^a-z0-9_-]/i', "", $admin->get_post('template')); // fix secunia 2010-93-3
//$template = (($template == DEFAULT_TEMPLATE ) ? '' : $template);
// end include class.secure.php
// Reads the posted page settings for an existing page (excerpt).
// NOTE(review): no form-token (CSRF) validation is visible in this excerpt;
// confirm it happens in class.secure.php or in the admin constructor.
// Get page id
// NOTE(review): is_numeric() also accepts decimal, exponent and negative
// notation, and $page_id keeps the raw posted string; confirm it is cast to an
// integer before it reaches a query or a URL.
if (!isset($_POST['page_id']) or !is_numeric($_POST['page_id'])) {
    header("Location: index.php");
    exit(0);
} else {
    $page_id = $_POST['page_id'];
}
require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_settings');
// Include the functions file
require_once LEPTON_PATH . '/framework/summary.functions.php';
// Get values
// addslashes() followed by htmlspecialchars() is used for link, description,
// keywords and page_code. NOTE(review): addslashes() is not connection-aware
// escaping; confirm these values are escaped by the database layer before use.
$page_link = htmlspecialchars(addslashes($admin->get_post('link')));
// ENT_HTML401 is only passed on PHP 5.4.0 and later; both branches use
// ENT_COMPAT, which leaves single quotes unencoded.
// NOTE(review): if the titles are ever placed inside single-quoted HTML
// attributes, ENT_QUOTES is needed - confirm against the templates.
if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
    $page_title = htmlspecialchars($admin->get_post_escaped('page_title'), ENT_COMPAT | ENT_HTML401, DEFAULT_CHARSET);
    $menu_title = htmlspecialchars($admin->get_post_escaped('menu_title'), ENT_COMPAT | ENT_HTML401, DEFAULT_CHARSET);
} else {
    $page_title = htmlspecialchars($admin->get_post_escaped('page_title'), ENT_COMPAT, DEFAULT_CHARSET);
    $menu_title = htmlspecialchars($admin->get_post_escaped('menu_title'), ENT_COMPAT, DEFAULT_CHARSET);
}
$description = htmlspecialchars(addslashes($admin->get_post('description')));
$keywords = htmlspecialchars(addslashes($admin->get_post('keywords')));
$page_code = htmlspecialchars(addslashes($admin->get_post('page_code')));
// NOTE(review): parent, visibility, template and target are only escaped here,
// not constrained to an integer or to a list of known values. Confirm they are
// validated further down before they reach a query or a file path.
$parent = $admin->get_post_escaped('parent');
$visibility = $admin->get_post_escaped('visibility');
$template = $admin->get_post_escaped('template');
$target = $admin->get_post_escaped('target');
// NOTE(review): presumably the two group fields are arrays of group ids -
// confirm they are reduced to integers before being stored.
$admin_groups = $admin->get_post_escaped('admin_groups');
$viewing_groups = $admin->get_post_escaped('viewing_groups');
$searching = $admin->get_post_escaped('searching');