function __destruct()
{
cLogsDb::$count_glob--;
parent::__destruct();
if (cLogsDb::$count_glob == 0 && DB_DEBUG) {
//cLogs::$aLogsAll[] = array("DB_QUERIES",cLogsDb::$aDbFileLogs);
cLogsDb::writeLogsToFile();
}
}
<?php
if (!isset($_index_rights)) {
header("Location: " . getUrl() . "admin");
}
$Logs = new cLogs("addcapability.php");
$Logs->on();
$aErrors = array();
$aAlerts = array();
global $DB;
if (isset($_POST['add_capab'])) {
foreach ($_POST as $k => $v) {
$_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
}
$Check = new cCheckForm();
$namePat = '/^[a-zA-Z0-9_-]{1,50}$/';
if ($Check->check('name', 'preg_match("' . $namePat . '",$test)', 'The NAME must be without whitespaces and diacritical marks and max. 50 symbols!')) {
$Check->check('name', '$test==false', 'This capability already exists!', admin_capabExists($_POST['name']));
}
$Check->check('description', 'strlen($test) > 0 && strlen($test) < 266', 'The description of capability is required with max length 255 symbols!');
$Logs->addLog($Check->isValid(), 'add new one valid');
if (!$Check->isValid()) {
foreach ($Check->getErrors() as $k => $error) {
$aErrors[] = admin_getErrorToPrint($k, $error);
}
} else {
try {
$aVals = array();
$aVals[] = array('name', $_POST['name']);
$aVals[] = array('description', $_POST['description']);
/// insert values ///
private function insert($aUser)
{
$time = getDateToDb(time() + AUTH_TIMEOUT);
$sess = session_id();
$res = cDb::insert('core_authentications', array(array('timeinit', $time), array('user', $aUser['id'], false), array('session', $sess), array('ip', $_SERVER['REMOTE_ADDR'])));
if (!$res) {
cLogs::addLog("#### AuthInsert: false");
$this->aErrors[] = getString("Some error during login process!", 'core');
$this->aErrors[] = getString("Contact your admin to solve this problem!", 'core');
$this->clearSessions();
$this->clearCookies();
return false;
}
$this->setSessions($aUser);
$this->setCookies($aUser);
return true;
}
<?php
if (!session_id()) {
@session_start();
}
require_once "../core/core_defines.inc.php";
require_once ROOT_PATH . "core/global_fce.php";
requireFile("admin/admin_fce.php");
$DB = new cDb();
$DB->connect();
$CFG = new cCfg();
$Logs = new cLogs("index.php");
$Logs->on();
$Logs->addLog($_POST, "POST");
$_aErrors = array();
$_aAlerts = array();
$Authent = new cAuthentication();
$bAut = $Authent->authenticate();
if (!$bAut && ADMIN_PAGE_ACCESS_AUTHORIZIED || $bAut && !$CFG->hasCapability('superadmin')) {
header("Location: " . HTTP_PATH);
}
$_index_rights = true;
foreach ($_GET as $k => $v) {
$_GET[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
}
/// update capabilities ///
if (isset($_POST['update_capab'])) {
_updateCapabilities();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
if (!isset($_index_rights)) {
header("Location: " . getUrl() . "admin");
}
$Logs = new cLogs("adduser.php");
$Logs->on();
$aErrors = array();
$aAlerts = array();
global $DB;
if (isset($_POST['add_user'])) {
foreach ($_POST as $k => $v) {
$_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
}
$Check = new cCheckForm();
$Check->check('name', 'strlen($test)>0 && strlen($test)<101', 'The name is required with max 100 symbols including whitespaces!');
$Check->check('surname', 'strlen($test)>0 && strlen($test)<101', 'The surname is required with max 100 symbols including whitespaces!');
$Check->check('role', 'is_numeric($test)', 'The role is required!');
/// max. 50 symbols ///
$loginPat = '/^[a-zA-Z0-9_-]{1,50}$/';
if ($Check->check('login', 'preg_match("' . $loginPat . '",$test)', 'The login must be without whitespaces and diacritical marks and max. 50 symbols!')) {
/// check if login already exists ///
$Check->check('login', '$test==false', 'This login already exists!', admin_userLoginExists($_POST['login']));
}
$passwPat = '/^[a-zA-Z0-9_-]{1,50}$/';
if ($Check->check('password', 'strlen($test)>5 && strlen($test)<51', 'The password must have at least 6 symbols and max. 50, without diacritical marks and whitespaces!', $_POST['passw'])) {
$Check->check('password', '$test==true', 'Verification of password is not correct!', $_POST['passw'] == $_POST['passw_ver']);
}
$Logs->addLog($Check->isValid(), 'add new one valid');
if (!$Check->isValid()) {
foreach ($Check->getErrors() as $k => $error) {
$bPageLng = $DB->insert('core_lngpages', array(array('title', $_POST['title']), array('page', $pageid, false), array('menutitle', $_POST['menu_title']), array('url', admin_createPageUrl($_POST['title']))));
}
}
if ($bPage && $bPageLng) {
/// create php file with action ///
$hPage = fopen(ROOT_PATH . "pages/actions/" . $_POST['page'] . ".php", "w+");
$toFile = "<?php\nclass " . $_POST['page'] . " extends cPageAction {\n\t\n\tpublic function __construct() {\n\t\tparent::__construct(get_class());\n\t\tself::action();\t\n\t}\n\t\n\tprivate function action() {\n\t\t/// your code goes here \n\t}\n}\n?>";
fwrite($hPage, $toFile);
fclose($hPage);
return true;
}
return false;
}
##########################################################################################
###################################### code ##############################################
$Logs = new cLogs("add.php");
$Logs->on();
$aErrors = array();
$aAlerts = array();
if (isset($_POST['add_template'])) {
foreach ($_POST as $k => $v) {
$_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
}
$Check = new cCheckForm();
$namePat = '/^([a-z]+[a-z0-9_-]+){1,50}$/';
/// existing templates wasn't selected ///
if ($Check->check('newtemp', 'preg_match("' . $namePat . '",$test)', 'The name of TEMPLATE must be in lowercase letters without whitespaces and diacritical marks and max. 50 symbols! (e.g.: newhomepage or new_home-page1')) {
$Check->check('newtemp', '$test==false', 'The name of TEMPLATE already exists!', admin_tempExists($_POST['newtemp']));
}
$Logs->addLog($Check->isValid(), 'valid');
//$Logs->addLog($Check->getErrors(),'errors');
<?php
if (!isset($_index_rights)) {
header("Location: " . getUrl() . "admin");
}
$Logs = new cLogs("addrole.php");
$Logs->on();
$aErrors = array();
$aAlerts = array();
global $DB;
if (isset($_POST['add_role'])) {
foreach ($_POST as $k => $v) {
$_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
}
$Check = new cCheckForm();
/// max. 100 symbols ///
if ($Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name of role must be max. 100 symbols!')) {
/// check if name already exists ///
$Check->check('name', '$test==false', 'The name of role already exists!', admin_roleExists($_POST['name']));
}
$Check->check('description', '$test != "" && strlen($test) <= 255', 'Description of role is required; with a maximum length 255!');
$Check->check('parentid', 'is_numeric($test) || $test=="null"', 'The parent role is in wrong type');
$Check->check('sort', 'is_numeric($test) || strlen($test)==0', 'The parent role is in wrong type');
$Logs->addLog($Check->isValid(), 'add new one valid');
if (!$Check->isValid()) {
foreach ($Check->getErrors() as $k => $error) {
$aErrors[] = admin_getErrorToPrint($k, $error);
}
} else {
try {
$aVals = array();
}
$lngExists = $DB->select('core_lngpages', 'id', array(array('lng', '=', null), 'AND', array('page', '=', $pageid)));
if (count($lngExists)) {
$bPageLng[] = $DB->update('core_lngpages', array(array('title', $_POST['title']), array('menutitle', $_POST['menu_title']), array('url', admin_createPageUrl($_POST['title'])), array('timemodified', getDateToDb())), array(array('lng', '=', null), 'AND', array('page', '=', $pageid)));
} else {
$bPageLng[] = $DB->insert('core_lngpages', array(array('title', $_POST['title']), array('page', $pageid, false), array('menutitle', $_POST['menu_title']), array('url', admin_createPageUrl($_POST['title']))));
}
} else {
$DB->delete('core_lngpages', array(array('lng', '=', null), 'AND', array('page', '=', $pageid)));
}
}
return $bPage && count($bPageLng);
}
##########################################################################################
###################################### code ##############################################
$Logs = new cLogs("editpage.php");
$Logs->on();
$aErrors = array();
$aAlerts = array();
/// POST data to insert new page are sent ///
if (isset($_POST['submit']) && (isset($_POST['pageid']) && is_numeric($_POST['pageid']))) {
foreach ($_POST as $k => $v) {
$_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
}
$Check = new cCheckForm();
/// existing templates wasn't selected ///
$Check->check('temp', '$test !== "null"', 'TEMPLATE is required!');
$bTitle = false;
foreach ($_POST as $k => $v) {
if (substr($k, 0, 3) == 'lng') {
$Check->check('title' . substr($k, 3), 'strlen($test)>0', 'Title of PAGE' . strtoupper(substr($k, 3)) . ' is required!');
<?php
if (!isset($_index_rights) || !isset($_GET['id'])) {
header("Location: " . getUrl() . "admin");
}
$Logs = new cLogs("editroles.php");
$Logs->on();
$aErrors = array();
$aAlerts = array();
global $DB;
if (isset($_POST['update_role'])) {
foreach ($_POST as $k => $v) {
$_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
}
$Check = new cCheckForm();
$Check->check('General', 'is_numeric($test) && ' . ($_POST['roleid'] == $_GET['id']), 'There is no correct role!', $_POST['roleid']);
if ($Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name of role must be max. 100 symbols!')) {
/// check if name already exists ///
if ($exists = admin_roleExists($_POST['name'])) {
$Logs->addLog($exists, 'role EXISTS');
$exists = !($exists['id'] == $_POST['roleid']);
}
$Logs->addLog($exists, 'role EXISTS');
$Check->check('name', '$test==false', 'The name of role already exists!', $exists);
}
$Check->check('description', '$test != "" && strlen($test) <= 255', 'Description of role is required; with a maximum length 255!');
$Check->check('parentid', 'is_numeric($test) || $test=="null"', 'The parent role is in wrong type');
$Check->check('sort', 'is_numeric($test) || strlen($test)==0', 'The parent role is in wrong type');
$Logs->addLog($Check->isValid(), 'form valid');
if (!$Check->isValid()) {
foreach ($Check->getErrors() as $k => $error) {
<?php
if (!session_id()) {
@session_start();
}
require_once "core/core_defines.inc.php";
require_once "core/global_fce.php";
require_once "custom_defines.inc.php";
$Logs = new cLogs("index.php");
$Logs->on();
$Logs->addLog($_POST, "POST");
$DB = new cDb();
$connection = $DB->connect();
if ($connection) {
$CFG = new cCfg();
if (!isset($_GET['_pageAction_'])) {
if (is_string($CFG->getDefaultPage('path'))) {
header("Location: " . $CFG->getDefaultPage('path'));
} else {
if (!ADMIN_PAGE_ACCESS_AUTHORIZIED) {
header("Location: " . HTTP_PATH . "admin");
}
}
}
$action = get_magic_quotes_gpc() ? $_GET['_pageAction_'] : addslashes($_GET['_pageAction_']);
//$Logs->addLog($action,"_pageAction_");
$CORE = new cBuildIndex($action);
if (MK_DEBUG) {
$CORE->addCssToHead("core/logs.css");
}
$Authent = new cAuthentication();
<?php
if (!isset($_index_rights) || !isset($_GET['id'])) {
header("Location: " . getUrl() . "admin");
}
##########################################################################################
###################################### code ##############################################
$Logs = new cLogs("edittemplate.php");
$Logs->on();
$aErrors = array();
$aAlerts = array();
global $DB;
if (isset($_POST['submit']) && (isset($_POST['tempid']) && is_numeric($_POST['tempid']))) {
foreach ($_POST as $k => $v) {
$_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
}
$Check = new cCheckForm();
$Check->check('js', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in JS field!');
$Check->check('css', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in CSS field!');
$Logs->addLog($Check->isValid(), 'valid');
//$Logs->addLog($Check->getErrors(),'errors');
if (!$Check->isValid()) {
foreach ($Check->getErrors() as $k => $error) {
$aErrors[] = admin_getErrorToPrint($k, $error);
}
} else {
if ($_POST['parent_temp'] != 'null') {
$aVals[] = array('parentid', intval($_POST['parent_temp']), false);
} else {
$aVals[] = array('parentid', 'NULL', false);
}
<?php
if (!isset($_index_rights) || !isset($_GET['id'])) {
header("Location: " . getUrl() . "admin");
}
$Logs = new cLogs("editroles.php");
$Logs->on();
$aErrors = array();
$aAlerts = array();
global $DB;
if (isset($_POST['update_user'])) {
foreach ($_POST as $k => $v) {
$_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
}
$aVals = array();
$Check = new cCheckForm();
$Check->check('General', 'is_numeric($test) && ' . ($_POST['userid'] == $_GET['id']), 'There is no correct user!', $_POST['userid']);
$Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name must be max. 100 symbols!');
$Check->check('surname', 'strlen($test) > 0 && strlen($test) < 101', 'The surname must be max. 100 symbols!');
$Check->check('role', 'is_numeric($test)', 'The role is in wrong format!');
/// change login ///
if (strlen($_POST['login'])) {
/// max. 50 symbols ///
$loginPat = '/^[a-zA-Z0-9_-]{1,50}$/';
if ($Check->check('login', 'preg_match("' . $loginPat . '",$test)', 'The login must be without whitespaces and diacritical marks and max. 50 symbols!')) {
/// check if login already exists ///
if ($exists = admin_roleExists($_POST['login'])) {
$Logs->addLog($exists, 'user login EXISTS');
$exists = !($exists['id'] == $_POST['userid']);
}
$Logs->addLog($exists, 'user login EXISTS');
