* Way Better Content Editing.
 * Visit http://wbce.org to learn more and to join the community.
 *
 * @copyright Ryan Djurovich (2004-2009)
 * @copyright WebsiteBaker Org. e.V. (2009-2015)
 * @copyright WBCE Project (2015-)
 * @license GNU GPL2 (or any later version)
 */
// do not display notices and warnings during installation
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);
// Setup admin object
require '../../config.php';
$admin = new admin('Addons', 'languages_install', false);
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// After check print the header
$admin->print_header();
// Check if user uploaded a file
if (!isset($_FILES['userfile'])) {
    header("Location: index.php");
    exit(0);
}
// Include the WB functions file
// Create temp string
$temp_string = '';
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double) microtime() * 1000000);
$i = 0;
while ($i <= 7) {
        $common_field = 'page_id';
        $table = TABLE_PREFIX . 'sections';
    } else {
        $id = $_GET['page_id'];
        $id_field = 'page_id';
        $common_field = 'parent';
        $table = TABLE_PREFIX . 'pages';
    }
} else {
    header("Location: index.php");
    exit(0);
}
// Create new admin object and print admin header
$admin = new admin('Pages', 'pages_settings');
// Create new order object an reorder
$order = new order($table, 'position', $id_field, $common_field);
if ($id_field == 'page_id') {
    if ($order->move_up($id)) {
        $admin->print_success($MESSAGE['PAGES_REORDERED']);
    } else {
        $admin->print_error($MESSAGE['PAGES_CANNOT_REORDER']);
    }
} else {
    if ($order->move_up($id)) {
        $admin->print_success($TEXT['SUCCESS'], ADMIN_URL . '/pages/sections.php?page_id=' . $page_id);
    } else {
        $admin->print_error($TEXT['ERROR'], ADMIN_URL . '/pages/sections.php?page_id=' . $page_id);
    }
}
// Print admin footer
$admin->print_footer();
// Setup template object, parse vars to it, then parse it
// Create new template object
$template = new Template(dirname($admin->correct_theme_source('media_browse.htt')));
$template->set_file('page', 'media_browse.htt');
$template->set_block('page', 'main_block', 'main');
// Get the current dir
$currentHome = $admin->get_home_folder();
$directory = ($currentHome and !array_key_exists('dir', $_GET)) ? $currentHome : $admin->strip_slashes($admin->get_get('dir'));
if ($directory == '/' or $directory == '\\') {
    $directory = '';
}
$dir_backlink = 'browse.php?dir=' . $directory;
// Check to see if it contains ../
if (!check_media_path($directory)) {
    // $admin->print_header();
    $admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH']);
}
if (!file_exists(WB_PATH . MEDIA_DIRECTORY . $directory)) {
    // $admin->print_header();
    $admin->print_error($MESSAGE['MEDIA']['DIR_DOES_NOT_EXIST']);
}
// Check to see if the user wanted to go up a directory into the parent folder
if ($admin->get_get('up') == 1) {
    $parent_directory = dirname($directory);
    header("Location: browse.php?dir={$parent_directory}");
    exit(0);
}
if ($_SESSION['GROUP_ID'] != 1 && $pathsettings['global']['admin_only']) {
    // Only show admin the settings link
    $template->set_var('DISPLAY_SETTINGS', 'hide');
}
 * WebsiteBaker Community Edition (WBCE)
 * Way Better Content Editing.
 * Visit http://wbce.org to learn more and to join the community.
 *
 * @copyright Ryan Djurovich (2004-2009)
 * @copyright WebsiteBaker Org. e.V. (2009-2015)
 * @copyright WBCE Project (2015-)
 * @license GNU GPL2 (or any later version)
 */
// Setup admin object
require '../../config.php';
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Addons', 'templates_uninstall', false);
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// After check print the header
$admin->print_header();
// Check if user selected template
if (!isset($_POST['file']) or $_POST['file'] == "") {
    header("Location: index.php");
    exit(0);
} else {
    $file = $_POST['file'];
}
// Extra protection
if (trim($file) == '') {
    header("Location: index.php");
    exit(0);
}
    require dirname(dirname(__DIR__)) . '/config.php';
}
if (!class_exists('admin', false)) {
    require WB_PATH . '/framework/class.admin.php';
}
// suppress to print the header, so no new FTAN will be set
if (!$bAdvanced) {
    $admin = new admin('Settings', 'settings_basic', false);
} else {
    $admin = new admin('Settings', 'settings_advanced', false);
}
// Create a javascript back link
$js_back = ADMIN_URL . '/settings/index.php?advanced=' . $bAdvanced;
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
$admin->print_header();
$TOKENS = unserialize($_SESSION['TOKENS']);
$array = $_POST;
ksort($array);
$aInputs = array();
$aOutputs = array();
$sql = 'SELECT `name`, `value` FROM `' . TABLE_PREFIX . 'settings` ' . 'ORDER BY `name`';
if ($oSettings = $database->query($sql)) {
    while ($aSetting = $oSettings->fetchRow(MYSQLI_ASSOC)) {
        $aOutputs['_POST'][$aSetting['name']] = $aSetting['value'];
    }
}
// After check print the header
// Work-out file mode
 *
 * @copyright Ryan Djurovich (2004-2009)
 * @copyright WebsiteBaker Org. e.V. (2009-2015)
 * @copyright WBCE Project (2015-)
 * @license GNU GPL2 (or any later version)
 */
// Print admin header
require '../../config.php';
include_once 'resize_img.php';
include_once 'parameters.php';
// require_once(WB_PATH.'/include/pclzip/pclzip.lib.php');	// Required to unzip file.
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Media', 'media_upload', false);
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// After check print the header
$admin->print_header();
// Target location
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$target = isset(${$requestMethod}['target']) ? ${$requestMethod}['target'] : '';
// Include the WB functions file
$directory = $target == '/' ? '' : $target;
$dirlink = 'index.php?dir=' . $directory;
$rootlink = 'index.php?dir=';
// Check to see if target contains ../
if (!check_media_path($target, false)) {
    $admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH']);
}
// Create relative path of the target location for the file
}
$admin = new admin('Pages', 'pages_modify', (bool) $admin_header);
// get request method
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$aRequestVars = isset(${$requestMethod}) ? ${$requestMethod} : null;
// Get page id (on error page_id == 0))
$page_id = intval(isset(${$requestMethod}['page_id']) ? ${$requestMethod}['page_id'] : (isset($page_id) ? $page_id : 0));
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$section_id = intval(isset(${$requestMethod}['section_id']) ? ${$requestMethod}['section_id'] : (isset($section_id) ? $section_id : 0));
$module_dir = basename(dirname($_SERVER["SCRIPT_NAME"]));
// Create js back link
$js_back = ADMIN_URL . '/pages/sections.php?page_id=' . $page_id;
// Get perms
// unset($admin_header);
if (!is_numeric($page_id)) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
} elseif ($page_id > 0) {
    $page = $admin->get_page_details($page_id, ADMIN_URL . '/pages/index.php');
} else {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL);
}
$old_admin_groups = explode(',', str_replace('_', '', $page['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $page['admin_users']));
$in_group = false;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_group = true;
    }
}
if (!$in_group && !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
    print $admin->get_group_id() . $admin->get_user_id();
Example #8
0
// to show position and section_id
if (!defined('DEBUG')) {
    define('DEBUG', $debug);
}
// Create new admin object
require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_modify');
// Check if we are supposed to add or delete a section
if (isset($_GET['section_id']) and is_numeric($_GET['section_id'])) {
    // Get more information about this section
    $section_id = intval($_GET['section_id']);
    $sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` ';
    $sql .= 'WHERE `section_id` =' . $section_id;
    $query_section = $database->query($sql);
    if ($query_section->numRows() == 0) {
        $admin->print_error('Section not found');
    }
    $section = $query_section->fetchRow(MYSQL_ASSOC);
    // Include the modules delete file if it exists
    if (file_exists(LEPTON_PATH . '/modules/' . $section['module'] . '/delete.php')) {
        require LEPTON_PATH . '/modules/' . $section['module'] . '/delete.php';
    }
    $sql = 'DELETE FROM `' . TABLE_PREFIX . 'sections` ';
    $sql .= 'WHERE `section_id` =' . $section_id . ' LIMIT 1';
    $query_section = $database->query($sql);
    if ($database->is_error()) {
        $admin->print_error($database->get_error());
    } else {
        require LEPTON_PATH . '/framework/class.order.php';
        $order = new order(TABLE_PREFIX . 'sections', 'position', 'section_id', 'page_id');
        $order->clean($page_id);
Example #9
0
$sql .= 'WHERE `page_id` = ' . $page_id;
$results = $database->query($sql);
if ($database->is_error()) {
    trigger_error($database->get_error(), E_USER_ERROR);
}
$results_array = $results->fetchRow(MYSQL_ASSOC);
$old_admin_groups = explode(',', str_replace('_', '', $results_array['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $results_array['admin_users']));
$in_old_group = FALSE;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_old_group = TRUE;
    }
}
if (!$in_old_group and !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Get page module
$sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` ';
$sql .= 'WHERE `page_id`=' . $page_id . ' AND `section_id`=' . $section_id;
$module = $database->get_one($sql);
if ($database->is_error()) {
    trigger_error($database->get_error(), E_USER_ERROR);
}
if (!$module) {
    $admin->print_error($database->is_error() ? $database->get_error() : $MESSAGE['PAGES_NOT_FOUND']);
}
// Update the pages table
$now = time();
$sql = 'UPDATE `' . TABLE_PREFIX . 'pages` SET ';
$sql .= '`modified_when` = ' . $now . ', `modified_by` = ' . $admin->get_user_id() . ' ';
Example #10
0
<?php

/*
*	@version	0.1
*	@author		Ruud Eisinga (Ruud)
*	@date		2009-04-10
*/
require '../../config.php';
// Get id
if (!isset($_GET['slide_id']) or !is_numeric($_GET['slide_id'])) {
    header("Location: " . ADMIN_URL . "/pages/index.php");
} else {
    $slide_id = $_GET['slide_id'];
}
// Include WB admin wrapper script
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
$admintool_link = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=capslider';
$admin = new admin('admintools', 'admintools');
$btable = TABLE_PREFIX . 'mod_capslider_slide';
$database->query("DELETE FROM " . $btable . " WHERE id = '{$slide_id}' LIMIT 1");
// Check if there is a db error, otherwise say successful
if ($database->is_error()) {
    $admin->print_error($database->get_error(), WB_URL . '/modules/capslider/modify_slide.php?slide_id=' . $slide_id);
} else {
    $admin->print_success($TEXT['SUCCESS'], $module_edit_link);
}
// Print admin footer
$admin->print_footer();
    foreach ($zip_files as $zip_file => $info) {
        if (basename($info['filename']) == 'info.php') {
            return '/' . dirname($info['filename']);
        }
    }
    return '';
}
// do not display notices and warnings during installation
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);
// Setup admin object
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Addons', 'modules_install', false);
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
$admin->print_header();
// Check if module folder is writable
if (!is_writable(WB_PATH . '/modules/')) {
    if (file_exists($temp_file)) {
        unlink($temp_file);
    }
    // Remove temp file
    $admin->print_error($MESSAGE['GENERIC_BAD_PERMISSIONS']);
}
// Check if user uploaded a file
if (!isset($_FILES['userfile'])) {
    header("Location: index.php");
    exit(0);
}
Example #12
0
    exit(0);
} else {
    $page_id = $_GET['page_id'];
}
require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_delete');
// Include the functions file
require_once LEPTON_PATH . '/framework/summary.functions.php';
// Get perms
$results = $database->query("SELECT admin_groups,admin_users FROM " . TABLE_PREFIX . "pages WHERE page_id = '{$page_id}'");
$results_array = $results->fetchRow();
// Find out more about the page
$query = "SELECT * FROM " . TABLE_PREFIX . "pages WHERE page_id = '{$page_id}'";
$results = $database->query($query);
if ($database->is_error()) {
    $admin->print_error($database->get_error());
}
if ($results->numRows() == 0) {
    $admin->print_error($MESSAGE['PAGES_NOT_FOUND']);
}
$results_array = $results->fetchRow();
$old_admin_groups = explode(',', str_replace('_', '', $results_array['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $results_array['admin_users']));
$in_old_group = FALSE;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_old_group = TRUE;
    }
}
if (!$in_old_group and !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/modules/droplets/save_droplet.php $
 * @lastmodified    $Date: 2011-08-18 04:18:59 +0200 (Do, 18. Aug 2011) $
 *
 */
require dirname(dirname(dirname(__DIR__))) . '/config.php';
if (!class_exists('admin', false)) {
    require WB_PATH . '/framework/class.admin.php';
}
// Include WB admin wrapper script
$admintool_link = ADMIN_URL . '/admintools/index.php';
$ToolUrl = ADMIN_URL . '/admintools/tool.php?tool=droplets';
$admin = new admin('admintools', 'admintools', false);
$droplet_id = intval($admin->checkIDKEY('droplet_id', false, 'post'));
if (!$admin->checkFTAN() || !$droplet_id) {
    $admin->print_header();
    $admin->print_error($droplet_id . ' ) ' . $MESSAGE['GENERIC_SECURITY_ACCESS'], $ToolUrl);
}
$admin->print_header();
// Validate all fields
if ($admin->get_post('title') == '') {
    $admin->print_error($MESSAGE['GENERIC_FILL_IN_ALL'] . ' ( Droplet Name )', $ToolUrl);
} else {
    $title = $admin->add_slashes($admin->get_post('title'));
    $active = (int) $admin->get_post('active');
    $admin_view = (int) $admin->get_post('admin_view');
    $admin_edit = (int) $admin->get_post('admin_edit');
    $show_wysiwyg = (int) $admin->get_post('show_wysiwyg');
    $description = $admin->add_slashes($admin->get_post('description'));
    $tags = array('<?php', '?>', '<?');
    $content = $admin->add_slashes(str_replace($tags, '', $_POST['savecontent']));
    $comments = trim($admin->add_slashes($admin->get_post('comments')));
Example #14
0
} else {
    $user_id = $_POST['user_id'];
}
// Gather details entered
$groups_id = isset($_POST['groups']) ? implode(",", $_POST['groups']) : '';
$active = addslashes($_POST['active'][0]);
$username_fieldname = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post('username_fieldname'), ENT_QUOTES));
$username = $admin->get_post_escaped($username_fieldname);
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post('display_name'), ENT_QUOTES));
$email = $admin->get_post_escaped('email');
$home_folder = $admin->get_post_escaped('home_folder');
// Check values
if ($groups_id == "") {
    $admin->print_error($MESSAGE['USERS_NO_GROUP'], 'index.php');
}
if (strlen($username) < 3) {
    $admin->print_error($MESSAGE['USERS_USERNAME_TOO_SHORT'], 'index.php');
}
if (!preg_match('/^[a-z]{1}[a-z0-9@\\._-]{2,}$/i', $username)) {
    $admin->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'], 'index.php');
}
if ($password != "" && $password2 != "") {
    if (strlen($password) < AUTH_MIN_PASS_LENGTH) {
        $admin->print_error($MESSAGE['USERS_PASSWORD_TOO_SHORT'], 'index.php');
    }
    if ($password != $password2) {
        $admin->print_error($MESSAGE['USERS_PASSWORD_MISMATCH'], 'index.php');
    }
}
 *
 */
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages');
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Get page list from database
// $database = new database();
$query = "SELECT * FROM " . TABLE_PREFIX . "pages WHERE visibility = 'deleted' ORDER BY level DESC";
$get_pages = $database->query($query);
// Insert values into main page list
if ($get_pages->numRows() > 0) {
    while ($page = $get_pages->fetchRow()) {
        // Delete page subs
        $sub_pages = get_subs($page['page_id'], array());
        foreach ($sub_pages as $sub_page_id) {
            delete_page($sub_page_id);
        }
        // Delete page
        delete_page($page['page_id']);
    }
}
// Check if there is a db error, otherwise say successful
if ($database->is_error()) {
    $admin->print_error($database->get_error());
} else {
    $admin->print_success($TEXT['TRASH_EMPTIED']);
}
// Print admin
$admin->print_footer();
}
require_once WB_PATH . "/include/jscalendar/jscalendar-functions.php";
/**/
// Create new admin object
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Pages', 'pages_modify', false);
// Get page id
if (!isset($_GET['page_id']) || !is_numeric($_GET['page_id'])) {
    header("Location: index.php");
    exit(0);
} else {
    $page_id = (int) $_GET['page_id'];
}
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL . '/pages/sections.php?page_id=' . $page_id);
}
// After check print the header
$admin->print_header();
/*
if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )
{
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
	exit();
}
*/
// Get perms
// $database = new database();
$results = $database->query("SELECT admin_groups,admin_users FROM " . TABLE_PREFIX . "pages WHERE page_id = '{$page_id}'");
$results_array = $results->fetchRow();
$old_admin_groups = explode(',', $results_array['admin_groups']);
 */
// Create admin object
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Media', 'media_delete', false);
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Get the current dir
$directory = $admin->get_get('dir');
$directory = $directory == '/' ? '' : $directory;
$dirlink = 'browse.php?dir=' . $directory;
$rootlink = 'browse.php?dir=';
// Check to see if it contains ..
if (!check_media_path($directory)) {
    // $admin->print_header();
    $admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'], $rootlink, false);
}
// Get the file id
$file_id = $admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']);
if (!$file_id) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $dirlink, false);
}
// Get home folder not to show
$home_folders = get_home_folders();
$usedFiles = array();
// feature freeze
// require_once(ADMIN_PATH.'/media/dse.php');
/*

if(!empty($currentdir)) {
    $usedFiles = $Dse->getMatchesFromDir( $directory, DseTwo::RETURN_USED);
Example #18
0
// include WB functions file
require_once LEPTON_PATH . '/framework/summary.functions.php';
// load WB language file
require_once LEPTON_PATH . '/languages/' . LANGUAGE . '.php';
// create Admin object with admin header
$admin = new admin('Addons', '', true, false);
$js_back = ADMIN_URL . '/modules/index.php?advanced';
/**
 * Manually execute the specified module file (install.php, upgrade.php or uninstall.php)
 */
// check if specified module folder exists
$mod_path = LEPTON_PATH . '/modules/' . basename(LEPTON_PATH . '/' . $_POST['file']);
// let the old variablename if module use it
$module_dir = $mod_path;
if (!file_exists($mod_path . '/' . $_POST['action'] . '.php')) {
    $admin->print_error($TEXT['NOT_FOUND'] . ': <tt>"' . htmlentities(basename($mod_path)) . '/' . $_POST['action'] . '.php"</tt> ', $js_back);
}
// include modules install.php script
require $mod_path . '/' . $_POST['action'] . '.php';
// load module info into database and output status message
require $mod_path . "/info.php";
load_module($mod_path, false);
$msg = $TEXT['EXECUTE'] . ': <tt>"' . htmlentities(basename($mod_path)) . '/' . $_POST['action'] . '.php"</tt>';
switch ($_POST['action']) {
    case 'install':
    case 'upgrade':
    case 'uninstall':
        $admin->print_success($msg, $js_back);
        break;
    default:
        $admin->print_error($TEXT["ACTION_NOT_SUPPORTED"], $js_back);
Example #19
0
    $template->pparse('output', 'page');
} elseif ($_POST['action'] == 'delete') {
    /**	************************
     *	Try to delete the selected User
     */
    //	Get Admin access to the current page?
    $admin = new admin('Access', 'users_delete');
    /**
     *	Test for user statusflags == 32 
     */
    $result = array();
    $database->execute_query("SELECT `statusflags` FROM `" . TABLE_PREFIX . "users` WHERE `user_id`= '" . $_POST['user_id'] . "'", true, $result, false);
    if ($result['statusflags'] == 32) {
        /**
         *	NOTICE: Aldus 15.12.2014	Error message is not in the language-file!
         */
        $admin->print_error("Can't delete User - User got statusflags 32.");
    } else {
        /**
         *	Delete the user
         */
        $database->query("DELETE FROM `" . TABLE_PREFIX . "users` WHERE `user_id`= '" . $_POST['user_id'] . "'");
        if ($database->is_error()) {
            $admin->print_error($database->get_error());
        } else {
            $admin->print_success($MESSAGE['USERS_DELETED']);
        }
    }
}
// Print admin footer
$admin->print_footer();
$admin = new admin('Access', 'groups');
$ftan = $admin->getFTAN();
// Setup template object, parse vars to it, then parse it
// Create new template object
$template = new Template(dirname($admin->correct_theme_source('groups.htt')));
// $template->debug = true;
$template->set_file('page', 'groups.htt');
$template->set_block('page', 'main_block', 'main');
$template->set_block('main_block', 'manage_users_block', 'users');
// insert urls
$template->set_var(array('ADMIN_URL' => ADMIN_URL, 'WB_URL' => WB_URL, 'THEME_URL' => THEME_URL, 'FTAN' => $ftan));
// Get existing value from database
$query = 'SELECT `group_id`, `name` FROM `' . TABLE_PREFIX . 'groups` WHERE `group_id` != 1';
$results = $database->query($query);
if ($database->is_error()) {
    $admin->print_error($database->get_error(), 'index.php');
}
// Insert values into the modify/remove menu
$template->set_block('main_block', 'list_block', 'list');
if ($results->numRows() > 0) {
    // Insert first value to say please select
    $template->set_var('VALUE', '');
    $template->set_var('NAME', $TEXT['PLEASE_SELECT'] . '...');
    $template->parse('list', 'list_block', true);
    // Loop through groups
    while ($group = $results->fetchRow(MYSQLI_ASSOC)) {
        $template->set_var('VALUE', $admin->getIDKEY($group['group_id']));
        $template->set_var('NAME', $group['name']);
        $template->parse('list', 'list_block', true);
    }
} else {
Example #21
0
<?php

/*
*	@version	0.1
*	@author		Ruud Eisinga (Ruud)
*	@date		2009-04-10
*/
require '../../config.php';
// Get id
if (!isset($_GET['group_id']) or !is_numeric($_GET['group_id'])) {
    header("Location: " . ADMIN_URL . "/pages/index.php");
} else {
    $group_id = $_GET['group_id'];
}
// Include WB admin wrapper script
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
$admintool_link = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=capslider';
$admin = new admin('admintools', 'admintools');
$gtable = TABLE_PREFIX . 'mod_capslider_groups';
$database->query("DELETE FROM " . $gtable . " WHERE group_id = '{$group_id}' LIMIT 1");
// Check if there is a db error, otherwise say successful
if ($database->is_error()) {
    $admin->print_error($database->get_error(), $module_edit_link);
} else {
    $admin->print_success($TEXT['SUCCESS'], $module_edit_link);
}
// Print admin footer
$admin->print_footer();
    header("Location: index.php");
    exit(0);
} else {
    $page_id = intval($_POST['page_id']);
}
if (!isset($_POST['section_id']) || !is_numeric($_POST['section_id'])) {
    header("Location: index.php");
    exit(0);
} else {
    $section_id = intval($_POST['section_id']);
}
// $js_back = "javascript: history.go(-1);";
$js_back = ADMIN_URL . '/pages/modify.php?page_id=' . $page_id;
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// After check print the header
$admin->print_header();
// Get perms
$sql = 'SELECT `admin_groups`,`admin_users` ' . 'FROM `' . TABLE_PREFIX . 'pages` ' . 'WHERE `page_id` = ' . $page_id;
$results = $database->query($sql);
$results_array = $results->fetchRow();
if (!$admin->ami_group_member($results_array['admin_users']) && !$admin->is_group_match($admin->get_groups_id(), $results_array['admin_groups'])) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Get page module
$sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` ' . 'WHERE `page_id`=' . $page_id . ' AND `section_id`=' . $section_id;
$module = $database->get_one($sql);
if (!$module) {
    $admin->print_error($database->is_error() ? $database->get_error() : $MESSAGE['PAGES_NOT_FOUND']);
Example #23
0
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// end include class.secure.php
// Get page id
if (!isset($_GET['page_id']) || !is_numeric($_GET['page_id'])) {
    header("Location: index.php");
    exit(0);
} else {
    $page_id = $_GET['page_id'];
}
require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_modify');
// Get perms
if (!$admin->get_page_permission($page_id, 'admin')) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
$sectionId = isset($_GET['wysiwyg']) ? htmlspecialchars($admin->get_get('wysiwyg')) : NULL;
// Get page details
$results_array = $admin->get_page_details($page_id);
// Get display name of person who last modified the page
$user = $admin->get_user_details($results_array['modified_by']);
// Convert the unix ts for modified_when to human a readable form
$modified_ts = $results_array['modified_when'] != 0 ? $modified_ts = date(TIME_FORMAT . ', ' . DATE_FORMAT, $results_array['modified_when']) : 'Unknown';
// Include page info script
$template = new Template(THEME_PATH . '/templates');
$template->set_file('page', 'pages_modify.htt');
$template->set_block('page', 'main_block', 'main');
$template->set_var(array('PAGE_ID' => $results_array['page_id'], 'PAGE_TITLE' => $results_array['page_title'], 'MENU_TITLE' => $results_array['menu_title'], 'ADMIN_URL' => ADMIN_URL, 'LEPTON_URL' => LEPTON_URL, 'LEPTON_PATH' => LEPTON_PATH, 'THEME_URL' => THEME_URL));
$template->set_var(array('MODIFIED_BY' => $user['display_name'], 'MODIFIED_BY_USERNAME' => $user['username'], 'MODIFIED_WHEN' => $modified_ts, 'LAST_MODIFIED' => $MESSAGE['PAGES_LAST_MODIFIED']));
$template->set_block('main_block', 'show_modify_block', 'show_modify');
Example #24
0
$admin = new admin('Access', 'groups_modify');
include_once LEPTON_PATH . '/framework/summary.functions.php';
// Create a javascript back link
$js_back = "javascript: history.go(-1);";
// Check if group group_id is a valid number and doesnt equal 1
if (!isset($_POST['group_id']) || !is_numeric($_POST['group_id']) || $_POST['group_id'] == 1) {
    header("Location: index.php");
    exit(0);
} else {
    $group_id = $_POST['group_id'];
}
// Gather details entered
$group_name = $admin->get_post_escaped('group_name');
// Check values
if ($group_name == "") {
    $admin->print_error($MESSAGE['GROUPS_GROUP_NAME_BLANK']);
}
// Get system permissions
require_once ADMIN_PATH . '/groups/get_permissions.php';
// Update the database
$query = "UPDATE " . TABLE_PREFIX . "groups SET name = '{$group_name}', system_permissions = '{$system_permissions}', module_permissions = '{$module_permissions}', template_permissions = '{$template_permissions}' WHERE group_id = '{$group_id}'";
$database->query($query);
if ($database->is_error()) {
    $admin->print_error($database->get_error());
    exit;
} else {
    $admin->print_success($MESSAGE['GROUPS_SAVED'], ADMIN_URL . '/groups/index.php');
    exit;
}
// Print admin footer
$admin->print_footer();
<?php

require '../../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages');
if (!isset($_GET['dd']) || !is_numeric($_GET['dd'])) {
    exit;
}
$query_order_pages = sprintf("UPDATE `" . TABLE_PREFIX . "mod_jsadmin` \n\t\t\t\t\t\t\t\tSET `value` = '%d' \n\t\t\t\t\t\t\t\tWHERE `name` = 'mod_jsadmin_ajax_order_pages'", $_GET['dd']);
$database->query($query_order_pages);
if ($database->is_error()) {
    $admin->print_error($database->get_error(), ADMIN_URL . '/pages/index.php');
} else {
    $admin->print_success($TEXT['SUCCESS'], ADMIN_URL . '/pages/index.php');
}
$admin->print_footer();
?>

     }
     // Insert language text and messages
     $template->set_var(array('TEXT_RESET' => $TEXT['RESET'], 'TEXT_CANCEL' => $TEXT['CANCEL'], 'TEXT_ACTIVE' => $TEXT['ACTIVE'], 'TEXT_DISABLED' => $TEXT['DISABLED'], 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], 'TEXT_USERNAME' => $TEXT['USERNAME'], 'TEXT_PASSWORD' => $TEXT['PASSWORD'], 'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], 'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], 'TEXT_EMAIL' => $TEXT['EMAIL'], 'TEXT_GROUP' => $TEXT['GROUP'], 'TEXT_NONE' => $TEXT['NONE'], 'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'], 'USERNAME_FIELDNAME' => $username_fieldname, 'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD'], 'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER']));
     // Parse template object
     $template->parse('main', 'main_block', false);
     $template->pparse('output', 'page');
     // Print admin footer
     $admin->print_footer();
     break;
 case 'delete':
     // Print header
     $admin = new admin('Access', 'users_delete');
     $user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
     // Check if user id is a valid number and doesnt equal 1
     if ($user_id == 0) {
         $admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS']);
     }
     if ($user_id < 2) {
         // if($admin_header) { $admin->print_header(); }
         $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
     }
     $sql = 'SELECT `active` FROM `' . TABLE_PREFIX . 'users` ';
     $sql .= 'WHERE `user_id` = ' . $user_id . '';
     if (($iDeleteUser = $database->get_one($sql)) == 1) {
         // Delete the user
         $database->query("UPDATE `" . TABLE_PREFIX . "users` SET `active` = 0 WHERE `user_id` = '" . $user_id . "' ");
     } else {
         $database->query("DELETE FROM `" . TABLE_PREFIX . "users` WHERE `user_id` = " . $user_id);
     }
     if ($database->is_error()) {
         $admin->print_error($database->get_error());
 * @copyright WBCE Project (2015-)
 * @license GNU GPL2 (or any later version)
 */
// Create admin object
require '../../config.php';
$admin = new admin('Media', 'media_rename', false);
// Include the WB functions file
// Get the current dir
$directory = $admin->get_get('dir');
$directory = $directory == '/' ? '' : $directory;
$dirlink = 'browse.php?dir=' . $directory;
$rootlink = 'browse.php?dir=';
// $file_id = intval($admin->get_get('id'));
// first Check to see if it contains ..
if (!check_media_path($directory)) {
    $admin->print_error($MESSAGE['MEDIA_DIR_DOT_DOT_SLASH'], $rootlink, false);
}
// Get the temp id
$file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']));
if (!$file_id) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $dirlink, false);
}
// Get home folder not to show
$home_folders = get_home_folders();
// Check for potentially malicious files
$forbidden_file_types = preg_replace('/\\s*[,;\\|#]\\s*/', '|', RENAME_FILES_ON_UPLOAD);
// Figure out what folder name the temp id is
if ($handle = opendir(WB_PATH . MEDIA_DIRECTORY . '/' . $directory)) {
    // Loop through the files and dirs an add to list
    while (false !== ($file = readdir($handle))) {
        $info = pathinfo($file);
 *
 * @copyright Ryan Djurovich (2004-2009)
 * @copyright WebsiteBaker Org. e.V. (2009-2015)
 * @copyright WBCE Project (2015-)
 * @license GNU GPL2 (or any later version)
 */
// Print admin header
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Access', 'groups_modify', false);
// Create a javascript back link
$js_back = ADMIN_URL . '/groups/index.php';
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// Check if group group_id is a valid number and doesnt equal 1
$group_id = intval($admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD']));
if ($group_id < 2) {
    // if($admin_header) { $admin->print_header(); }
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// Gather details entered
$group_name = $admin->get_post_escaped('group_name');
// Check values
if ($group_name == "") {
    $admin->print_error($MESSAGE['GROUPS_GROUP_NAME_BLANK'], $js_back);
}
// After check print the header
Example #29
0
                            $sql = 'DELETE FROM  `' . TABLE_PREFIX . 'addons`  WHERE `type` = \'language\'';
                            $database->query($sql);
                            // Reload all languages
                            foreach ($languages['filename'] as &$file) {
                                load_language(LEPTON_PATH . '/languages/' . $file);
                            }
                            //  Reload the current language file - otherwise wie've got the last message in e.g. russian.
                            require LEPTON_PATH . '/languages/' . LANGUAGE . '.php';
                            // Add success message
                            $msg[] = '<span class="normal bold green">' . $MESSAGE['ADDON_LANGUAGES_RELOADED'] . '</span>';
                        } else {
                            // Add error message
                            $error_msg[] = '<span class="normal bold red">' . $MESSAGE['ADDON_ERROR_RELOAD'] . ' - No languages found!</span>';
                        }
                        break;
                }
            }
        }
    }
} else {
    $error_msg[] = '<span class="big bold red">' . $MESSAGE['ADMIN_INSUFFICIENT_PRIVELLIGES'] . '</span> ';
}
//
if (sizeof($error_msg) > 0) {
    $error_msg = array_merge($error_msg, $msg);
    $admin->print_error(implode($error_msg, '<br />'), $backlink);
} else {
    // output success message
    $admin->print_success(implode($msg, '<br />'), $backlink);
}
// $admin->print_footer();
 * WebsiteBaker Community Edition (WBCE)
 * Way Better Content Editing.
 * Visit http://wbce.org to learn more and to join the community.
 *
 * @copyright Ryan Djurovich (2004-2009)
 * @copyright WebsiteBaker Org. e.V. (2009-2015)
 * @copyright WBCE Project (2015-)
 * @license GNU GPL2 (or any later version)
 */
// Setup admin object
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Addons', 'languages_uninstall', false);
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// After check print the header
$admin->print_header();
// Check if user selected language
if (!isset($_POST['code']) or $_POST['code'] == "") {
    header("Location: index.php");
    exit(0);
}
// Extra protection
if (trim($_POST['code']) == '') {
    header("Location: index.php");
    exit(0);
}
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';