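/**
 * Backend constructor: bind the section, authenticate the user, reconcile the
 * backend language and optionally print the page header.
 *
 * @param string $section_name        Application/section name. The sentinel
 *                                    '##skip##' skips section binding, the
 *                                    auth checks, the language redirect and
 *                                    the header entirely.
 * @param string $section_permission  Permission key checked via get_permission().
 * @param bool   $auto_header         Call print_header() when true.
 * @param bool   $auto_auth           When true: redirect to the login page if
 *                                    not authenticated, die() if the section
 *                                    permission is missing.
 * @param bool   $operateBuffer       Passed through to print_header().
 */
public function __construct($section_name = '##skip##', $section_permission = 'start', $auto_header = true, $auto_auth = true, $operateBuffer = true)
 {
     parent::__construct(SecureForm::BACKEND);
     // Strict comparison against the sentinel: a non-string argument must not be
     // mistaken for "skip" by loose comparison rules.
     if ($section_name !== '##skip##') {
         global $database, $MESSAGE;
         // Specify the current application's name and the permission it requires
         $this->section_name = $section_name;
         $this->section_permission = $section_permission;
         if ($auto_auth) {
             // Not logged in: send to the login page, nothing else may run
             if (!$this->is_authenticated()) {
                 header('Location: ' . ADMIN_URL . '/login/index.php');
                 exit(0);
             }
             // Logged in but not allowed into this section. The former debug echo of
             // the permission key was removed: it disclosed an internal identifier to
             // an unauthorised user and corrupted the page output before die().
             if (!$this->get_permission($section_permission)) {
                 die($MESSAGE['ADMIN_INSUFFICIENT_PRIVELLIGES']);
             }
         }
         // Redirect once if the stored backend language differs from the active
         // one, but only for scripts below the admin folder and only when a
         // language file for the stored value exists.
         $sql = 'SELECT `language` FROM `' . TABLE_PREFIX . 'users` ';
         $sql .= 'WHERE `user_id`=' . (int) $this->get_user_id();
         $user_language = $database->get_one($sql);
         // The admin folder relative to the installation root (e.g. /admin)
         $admin_folder = str_replace(WB_PATH, '', ADMIN_PATH);
         if (LANGUAGE != $user_language
             && file_exists(WB_PATH . '/languages/' . $user_language . '.php')
             && strpos($_SERVER['SCRIPT_NAME'], $admin_folder . '/') !== false) {
             // Carry page_id / section_id through the redirect as integers
             $page_id_url = isset($_GET['page_id']) ? '&page_id=' . (int) $_GET['page_id'] : '';
             $section_id_url = isset($_GET['section_id']) ? '&section_id=' . (int) $_GET['section_id'] : '';
             $location = $_SERVER['SCRIPT_NAME'] . '?lang=' . $user_language . $page_id_url . $section_id_url;
             if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != '') {
                 // Keep whatever query string the request already carried
                 $location .= '&' . $_SERVER['QUERY_STRING'];
             }
             header('Location: ' . $location);
             exit;
         }
         if ($auto_header) {
             // First argument is the (empty) body-tag string; the old code assigned an
             // unused local inside the argument list.
             $this->print_header('', $operateBuffer);
         }
     }
     // Legacy global: older code reaches the current instance through $wb
     global $wb;
     $wb = $this;
 }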
 /**
  * Frontend constructor: initialise the secure-form layer in frontend mode.
  * No further setup happens here.
  */
 public function __construct()
 {
     parent::__construct(SecureForm::FRONTEND);
 }
 /**
  *	Constructor of the class
  *
  *	Wires up the Twig parser/loader, starts output buffering, clones the
  *	database handle, authenticates the user (login, session token, section
  *	permission), redirects once when the stored user language differs from
  *	LANGUAGE, and finally prints the header on request.
  *
  *	@param	str		$section_name		The section name.
  *	@param	str		$section_permission	The permission the section belongs to.
  *	@param	bool	$auto_header		Print the header. Default is 'true'.
  *	@param	bool	$auto_auth			Run the authentication checks. Default is 'true'.
  *
  */
 public function __construct($section_name, $section_permission = 'start', $auto_header = true, $auto_auth = true)
 {
     global $database, $MESSAGE;
     parent::__construct();

     /**	*********************
      *	TWIG Template Engine
      */
     global $parser, $loader, $TEXT, $MENU, $OVERVIEW, $HEADING;
     if (!isset($parser)) {
         require_once LEPTON_PATH . "/modules/lib_twig/library.php";
     }
     // Theme templates are registered under the loader namespace "theme"
     $loader->prependPath(THEME_PATH . "/templates/", "theme");
     $twigGlobals = array(
         "TEXT" => $TEXT,
         "MENU" => $MENU,
         "OVERVIEW" => $OVERVIEW,
         "HEADING" => $HEADING,
     );
     foreach ($twigGlobals as $globalName => $globalValue) {
         $parser->addGlobal($globalName, $globalValue);
     }
     // Keep references so the instance sees the same engine objects as the globals
     $this->parser =& $parser;
     $this->loader =& $loader;
     /**	********
      *	End Twig
      */

     /**
      *	Droplet support: buffer all output from here on
      *
      */
     ob_start();
     $this->db_handle = clone $database;

     // Specify the current application's name and the permission it requires
     $this->section_name = $section_name;
     $this->section_permission = $section_permission;

     if ($auto_auth) {
         $loginUrl = ADMIN_URL . '/login/index.php';
         // Not logged in at all
         if (!$this->is_authenticated()) {
             header('Location: ' . $loginUrl);
             exit(0);
         }
         // Logged in, but the session token does not check out: drop the user id
         if (!$this->checkToken()) {
             unset($_SESSION['USER_ID']);
             header('Location: ' . $loginUrl);
             exit(0);
         }
         // Logged in, but not allowed into this section
         if (!$this->get_permission($section_permission)) {
             die($MESSAGE['ADMIN_INSUFFICIENT_PRIVELLIGES']);
         }
     }

     // Does the stored backend language match the active one? If not, redirect once.
     $languageRow = array();
     $this->db_handle->execute_query("SELECT `language` FROM `" . TABLE_PREFIX . "users` WHERE `user_id` = '" . (int) $this->get_user_id() . "'", true, $languageRow, false);
     // Only the two-letter code is used, which avoids an endless redirect when the
     // stored value is a variant (e.g. DE_du) whose language file is not XX.php
     $user_language = isset($languageRow['language']) ? substr($languageRow['language'], 0, 2) : "";
     // The admin folder relative to the installation root (e.g. /admin)
     $admin_folder = str_replace(LEPTON_PATH, '', ADMIN_PATH);
     if (LANGUAGE != $user_language && file_exists(LEPTON_PATH . '/languages/' . $user_language . '.php') && strpos($_SERVER['SCRIPT_NAME'], $admin_folder . '/') !== false) {
         $location = $_SERVER['SCRIPT_NAME'] . '?lang=' . $user_language;
         // page_id / section_id are carried along as integers
         if (isset($_GET['page_id'])) {
             $location .= '&page_id=' . (int) $_GET['page_id'];
         }
         if (isset($_GET['section_id'])) {
             $location .= '&section_id=' . (int) $_GET['section_id'];
         }
         // Keep whatever query string the request already carried
         if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != '') {
             $location .= '&' . $_SERVER['QUERY_STRING'];
         }
         header('Location: ' . $location);
         exit;
     }

     // Auto header code
     if ($auto_header) {
         $this->print_header();
     }
 }
// Include config file
require '../../../config.php';
if (!defined('WB_PATH')) {
    exit("Cannot access this file directly");
}
require '../info.php';
// The module directory (presumably set by ../info.php as $module_directory)
// doubles as the table name; $mpath is its absolute path with trailing slash
$mod_dir = $module_directory;
$tablename = $mod_dir;
$mpath = WB_PATH . '/modules/' . $mod_dir . '/';
// Module settings: defaults first, then the instance overrides, then the helpers
require_once $mpath . 'defaults/module_settings.default.php';
require_once $mpath . 'module_settings.php';
require_once $mpath . 'functions_small.php';
require_once WB_PATH . '/framework/class.wb.php';
$wb = new wb();
if (isset($_GET['page_id']) and is_numeric($_GET['page_id']) and isset($_GET['section_id']) and is_numeric($_GET['section_id']) and isset($_GET['topic_id']) and is_numeric($_GET['topic_id']) and (ENABLED_ASP and isset($_POST['c0mment_' . date('W')]) and $_POST['c0mment_' . date('W')] != '' or !ENABLED_ASP and isset($_POST['comment']) and $_POST['comment'] != '')) {
    if (ENABLED_ASP) {
        $commentpost = $_POST['c0mment_' . date('W')];
    } else {
        $commentpost = $_POST['comment'];
    }
    $comment = $wb->add_slashes(trim(strip_tags($commentpost)));
    $thename = $wb->add_slashes(trim(strip_tags($_POST['thenome'])));
    $thesite = $wb->add_slashes(trim(strip_tags($_POST['thesote'])));
    $themail = $wb->add_slashes(trim(strip_tags($_POST['themoil'])));
    $page_id = (int) $_GET['page_id'];
    $section_id = (int) $_GET['section_id'];
    $topic_id = (int) $_GET['topic_id'];
    // Check captcha
 * @copyright       2009-2011, Website Baker Org. e.V.
 * @link			http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.3
 * @requirements    PHP 5.3.6 and higher
 * @version         $Id: signup2.php 5 2015-04-27 08:02:19Z luisehahne $
 * @filesource      $HeadURL: https://localhost:8443/svn/wb283Sp4/SP4/branches/wb/account/signup2.php $
 * @lastmodified    $Date: 2015-04-27 10:02:19 +0200 (Mo, 27. Apr 2015) $
 *
 */
// Must include code to stop this file being access directly
if (!defined('WB_PATH')) {
    die("Cannot access this file directly");
}
// require_once(WB_PATH.'/framework/class.wb.php');
// Section 'Start' / permission 'start', no auto header, no auto authentication
$wb = new wb('Start', 'start', false, false);
// Get details entered: every signup lands in the FRONTEND_SIGNUP group and is active
$groups_id = FRONTEND_SIGNUP;
$active = 1;
// Username and display name are tag-stripped and escaped; the e-mail address is
// read raw via get_post(). NOTE(review): unlike the other two fields it is not
// escaped here — confirm it is validated/escaped before it reaches SQL or HTML.
$username = strtolower(strip_tags($wb->get_post_escaped('username')));
$display_name = strip_tags($wb->get_post_escaped('display_name'));
$email = $wb->get_post('email');
// Create a javascript back link
$js_back = WB_URL . '/account/signup.php';
/*
NOTE(review): the FTAN (form token) check below is disabled, so the signup form
is processed without a request token. Verify that signup.php emits the token
and re-enable this block.
if (!$wb->checkFTAN())
{
	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);
	exit();
}
*/
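<?php

require '../../config.php';
header('Content-Type: text/plain');
// plain text file
// Get id: a missing or non-numeric section_id sends the caller back to the page
// list. The old code die()d with the literal string "Location: …", which printed
// the redirect into the response body instead of sending it as a header.
if (!isset($_GET['section_id']) or !is_numeric($_GET['section_id'])) {
    header('Location: ' . ADMIN_URL . '/pages/index.php');
    exit(0);
}
// Cast so that only an integer ever reaches the query below
$section_id = (int) $_GET['section_id'];
$mod_dir = basename(__DIR__);
$tablename = $mod_dir;
require_once WB_PATH . '/modules/' . $mod_dir . '/defaults/module_settings.default.php';
require_once WB_PATH . '/modules/' . $mod_dir . '/module_settings.php';
$wb = new wb();
// Only authenticated users get the script; everyone else gets a plain refusal
if ($wb->is_authenticated()) {
    echo "//Starting Javascript\n";
} else {
    die("Sorry, no access");
}
//global $wb;
// Get header and footer
$query_content = $database->query("SELECT * FROM " . TABLE_PREFIX . "mod_" . $tablename . "_settings WHERE section_id = '{$section_id}'");
$fetch_content = $query_content->fetchRow();
// No settings row: treat picture_values as empty instead of indexing into false
$picture_values = (is_array($fetch_content) && isset($fetch_content['picture_values'])) ? $fetch_content['picture_values'] : '';
// Pad with -2 sentinels so every index read below exists; -2 selects the
// built-in default (1000 for the zoom width)
$vv = explode(',', $picture_values . ',-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2');
$w_zoom = (int) $vv[0];
if ($w_zoom == -2) {
    $w_zoom = 1000;
}
$h_zoom = (int) $vv[1];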
 * @requirements    PHP 5.3.6 and higher
 * @version         $Id: submit_comment.php 1634 2012-03-09 02:20:16Z Luisehahne $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/branches/2.8.x/wb/modules/news/submit_comment.php $
 * @lastmodified    $Date: 2012-03-09 03:20:16 +0100 (Fr, 09. Mrz 2012) $
 *
 */
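// Include config file
if (!defined('WB_PATH')) {
    require dirname(dirname(__DIR__)) . '/config.php';
}
if (!class_exists('wb')) {
    require WB_PATH . '/framework/class.wb.php';
}
// Create new frontend object
if (!isset($wb) || !$wb instanceof wb) {
    $wb = new wb();
}
// Pick the request array for the current method. Only GET and POST are mapped;
// the former variable-variable lookup (${'_' . METHOD}) resolved any other
// method name to a same-named superglobal (e.g. $_COOKIE, $_SESSION). Unknown
// methods yield null, as before.
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
switch ($requestMethod) {
    case '_GET':
        $aRequestVars = $_GET;
        break;
    case '_POST':
        $aRequestVars = $_POST;
        break;
    default:
        $aRequestVars = null;
}
// Ids come from the request, else from a pre-set variable, else 0 — always cast
// to int. The old form `intval(isset(...)) ? $raw : ...` tested the isset()
// result and assigned the raw, uncast value.
// Get page id
$page_id = isset($aRequestVars['page_id']) ? (int) $aRequestVars['page_id'] : (isset($page_id) ? (int) $page_id : 0);
// Get post_id
$post_id = isset($aRequestVars['post_id']) ? (int) $aRequestVars['post_id'] : (isset($post_id) ? (int) $post_id : 0);
// Get section id if there is one
$section_id = isset($aRequestVars['section_id']) ? (int) $aRequestVars['section_id'] : (isset($section_id) ? (int) $section_id : 0);
$_SESSION['message'] = null;
// Form token (FTAN) check: on failure record the message and return to the comment form
if (!$wb->checkFTAN()) {
    $_SESSION['message'][] = $MESSAGE['GENERIC_SECURITY_ACCESS'];
    header("Location: " . WB_URL . "/modules/news/comment.php?post_id=" . $post_id . "&section_id=" . $section_id . "");
    exit(0);
}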
 * @package         news
 * @author          WebsiteBaker Project
 * @copyright       2009-2011, Website Baker Org. e.V.
 * @link			http://www.websitebaker2.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id: comment.php 1538 2011-12-10 15:06:15Z Luisehahne $
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/modules/news/comment.php $
 * @lastmodified    $Date: 2011-12-10 16:06:15 +0100 (Sa, 10. Dez 2011) $
 *
 */
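// Include config file
require '../../config.php';
require_once WB_PATH . '/framework/class.wb.php';
$wb = new wb();
// Check if there is a post id
// $post_id = $wb->checkIDKEY('post_id', false, 'GET');
// Both ids are read defensively (no warning on a missing key) and cast to int
// before anything else sees them.
$post_id = isset($_GET['post_id']) ? (int) $_GET['post_id'] : 0;
$section_id = isset($_GET['section_id']) ? (int) $_GET['section_id'] : 0;
// A missing post id or a missing/non-numeric section id aborts with the generic
// security message and a link back to the pages directory.
if (!$post_id || !isset($_GET['section_id']) || !is_numeric($_GET['section_id'])) {
    $wb->print_error('ABORT::' . $MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL . PAGES_DIRECTORY);
    exit;
}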
// Query post for page id
$query_post = $database->query("SELECT post_id,title,section_id,page_id FROM " . TABLE_PREFIX . "mod_news_posts WHERE post_id = '{$post_id}'");
if ($query_post->numRows() == 0) {
    header("Location: " . WB_URL . PAGES_DIRECTORY . "");
    exit(0);
} else {
    $fetch_post = $query_post->fetchRow();
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/account/preferences.php $
 * @lastmodified    $Date: 2011-09-07 20:51:47 +0200 (Mi, 07. Sep 2011) $
 *
 */
require_once '../config.php';
// Without frontend login the preferences page is not reachable: bounce to the
// intro page when there is one, otherwise to the site root
if (!FRONTEND_LOGIN) {
    $target = INTRO_PAGE ? WB_URL . PAGES_DIRECTORY . '/index.php' : WB_URL . '/index.php';
    header('Location: ' . $target);
    exit(0);
}
require_once WB_PATH . '/framework/class.frontend.php';
$wb_inst = new wb();
// Anonymous visitors are sent to the login form
if (!$wb_inst->is_authenticated()) {
    header('Location: ' . WB_URL . '/account/login.php');
    exit(0);
}
// Page id from the session, 0 when none is stored
$page_id = empty($_SESSION['PAGE_ID']) ? 0 : $_SESSION['PAGE_ID'];
// Required page details
/* */
// $page_id = 0;
$page_description = '';
$page_keywords = '';
define('PAGE_ID', $page_id);
define('ROOT_PARENT', 0);
define('PARENT', 0);
define('LEVEL', 0);
define('PAGE_TITLE', $MENU['PREFERENCES']);
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// end include class.secure.php
// Without frontend login the account pages are not reachable: bounce to the
// intro page when there is one, otherwise to the site root
if (!FRONTEND_LOGIN) {
    $target = INTRO_PAGE ? LEPTON_URL . PAGES_DIRECTORY . '/index.php' : LEPTON_URL . '/index.php';
    die(header('Location: ' . $target));
}
include_once LEPTON_PATH . '/framework/var.timezones.php';
require_once LEPTON_PATH . '/framework/class.wb.php';
$wb_inst = new wb();
// Anonymous visitors are sent to the login form
if (!$wb_inst->is_authenticated()) {
    die(header('Location: ' . LEPTON_URL . '/account/login.php'));
}
// Presumably flipped to true by the save handler that follows — confirm
$submit_ok = false;
if (isset($_POST['save']) && $_POST['save'] == 'account_settings') {
    if (isset($_SESSION['wb_apf_hash']) && $_SESSION['wb_apf_hash'] === $_POST['hash']) {
        if (TIME() - $_POST['r_time'] <= 60 * 5) {
            /**
             *	user-password correct?
             *
             */
            $user_id = $_SESSION['USER_ID'];
            $query = "SELECT `password` from `" . TABLE_PREFIX . "users` where `user_id`='" . $user_id . "' AND `password`='" . md5($_POST['current_password']) . "'";
            $result = $database->query($query);
            if ($result->numRows() == 1) {
 * @version         $Id: preferences.php 1508 2011-09-07 18:51:47Z Luisehahne $
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/account/preferences.php $
 * @lastmodified    $Date: 2011-09-07 20:51:47 +0200 (Mi, 07. Sep 2011) $
 *
 */
require_once '../config.php';
// Without frontend login the preferences page is not reachable: bounce to the
// intro page when there is one, otherwise to the site root
if (!FRONTEND_LOGIN) {
    $target = INTRO_PAGE ? WB_URL . PAGES_DIRECTORY . '/index.php' : WB_URL . '/index.php';
    header('Location: ' . $target);
    exit(0);
}
$wb_inst = new wb();
// Anonymous visitors are sent to the login form
if (!$wb_inst->is_authenticated()) {
    header('Location: ' . WB_URL . '/account/login.php');
    exit(0);
}
// Logged in, but without the "preferences" system permission: back to the site root
if ($wb_inst->get_permission("preferences", 'system') === false) {
    header('Location: ' . WB_URL . '/index.php');
    exit(0);
}
// Page id from the session, 0 when none is stored
$page_id = empty($_SESSION['PAGE_ID']) ? 0 : $_SESSION['PAGE_ID'];
// Required page details
/* */
// $page_id = 0;
$page_description = '';
$page_keywords = '';
define('PAGE_ID', $page_id);
 /**
  * Constructor: delegates to the parent constructor with the literal mode value 1.
  * NOTE(review): what 1 stands for is not visible here — confirm it against the
  * parent constructor's parameter and prefer its named constant if one exists.
  */
 public function __construct()
 {
     parent::__construct(1);
 }
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id: submit_comment.php 1634 2012-03-09 02:20:16Z Luisehahne $
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/branches/2.8.x/wb/modules/news/submit_comment.php $
 * @lastmodified    $Date: 2012-03-09 03:20:16 +0100 (Fr, 09. Mrz 2012) $
 *
 */
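// Include config file
require '../../config.php';
/*
overwrite php.ini on Apache servers for valid SESSION ID Separator
if(function_exists('ini_set')) {
	ini_set('arg_separator.output', '&amp;');
}
*/
require_once WB_PATH . '/framework/class.wb.php';
$wb = new wb();
/*
NOTE(review): the FTAN (form token) check below is disabled, so a comment is
accepted without a request token. Verify that comment.php emits the token and
re-enable this block.
$post_id = (int)$_GET['post_id'];
$section_id = (int)$_GET['section_id'];
if (!$wb->checkFTAN())
{
	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL."/modules/news/comment.php?post_id=".$post_id."&section_id=".$section_id);
}
*/
// Pick the request array for the current method once. Only GET and POST are
// mapped; the former variable-variable lookup (${'_' . METHOD}) resolved any
// other method name to a same-named superglobal (e.g. $_COOKIE, $_SESSION).
// Unknown methods yield an empty array, so every isset() below is false.
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
switch ($requestMethod) {
    case '_GET':
        $aRequestVars = $_GET;
        break;
    case '_POST':
        $aRequestVars = $_POST;
        break;
    default:
        $aRequestVars = array();
}
// Ids come from the request, else from a pre-set variable, else 0 — always cast
// to int. The old form `intval(isset(...)) ? $raw : ...` tested the isset()
// result and assigned the raw, uncast value.
// Get page id
$page_id = isset($aRequestVars['page_id']) ? (int) $aRequestVars['page_id'] : (isset($page_id) ? (int) $page_id : 0);
// Get post_id
$post_id = isset($aRequestVars['post_id']) ? (int) $aRequestVars['post_id'] : (isset($post_id) ? (int) $post_id : 0);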
// Get section id if there is one
    $oneback = "../";
    $root = $oneback;
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= $oneback;
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// end include class.secure.php
// Create the frontend object used by this script
require_once LEPTON_PATH . '/framework/class.wb.php';
$wb = new wb();
if (isset($_GET['page_id']) and is_numeric($_GET['page_id']) and isset($_GET['section_id']) and is_numeric($_GET['section_id']) and isset($_GET['post_id']) and is_numeric($_GET['post_id']) and (ENABLED_ASP and isset($_POST['comment_' . date('W')]) and $_POST['comment_' . date('W')] != '' or !ENABLED_ASP and isset($_POST['comment']) and $_POST['comment'] != '')) {
    if (ENABLED_ASP) {
        $comment = $_POST['comment_' . date('W')];
    } else {
        $comment = $_POST['comment'];
    }
    $comment = addslashes(strip_tags($comment));
    $title = addslashes(strip_tags($_POST['title']));
    $page_id = $_GET['page_id'];
    $section_id = $_GET['section_id'];
    $post_id = $_GET['post_id'];
    // Check captcha
    $query_settings = $database->query("SELECT use_captcha FROM " . TABLE_PREFIX . "mod_news_settings WHERE section_id = '{$section_id}'");
    if (!$query_settings->numRows()) {