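/**
 * Backend constructor: authenticates the user, enforces the section
 * permission, syncs the backend language with the user's stored language
 * and optionally prints the backend header.
 *
 * @param string $section_name       Name of the admin section. The sentinel
 *                                   '##skip##' bypasses authentication, the
 *                                   language redirect and the header.
 * @param string $section_permission Permission the user must hold for this
 *                                   section (checked via get_permission()).
 * @param bool   $auto_header        Print the backend header automatically.
 * @param bool   $auto_auth          Check login state and section permission.
 * @param bool   $operateBuffer      Passed through to print_header().
 */
public function __construct($section_name = '##skip##', $section_permission = 'start', $auto_header = true, $auto_auth = true, $operateBuffer = true)
{
    parent::__construct(SecureForm::BACKEND);

    if ($section_name != '##skip##') {
        global $database, $MESSAGE;

        // Specify the current application's name and required permission
        $this->section_name = $section_name;
        $this->section_permission = $section_permission;

        if ($auto_auth == true) {
            // Not logged in: bounce to the login page
            if ($this->is_authenticated() == false) {
                header('Location: ' . ADMIN_URL . '/login/index.php');
                exit(0);
            }
            // Logged in but lacking the section permission. The original code
            // echoed the permission name before dying; that was a debug
            // leftover that disclosed internal permission names to users who
            // do not hold them, so only the message is emitted now.
            if ($this->get_permission($section_permission) == false) {
                die($MESSAGE['ADMIN_INSUFFICIENT_PRIVELLIGES']);
            }
        }

        // Backend language vs. the user's stored language: when they differ,
        // redirect to the same script with ?lang=<stored language>.
        // user_id is int-cast before it is interpolated into the SQL string.
        $sql = 'SELECT `language` FROM `' . TABLE_PREFIX . 'users` ';
        $sql .= 'WHERE `user_id`=' . (int) $this->get_user_id();
        $user_language = (string) $database->get_one($sql);

        // Defence in depth: the stored language is a user-editable preference
        // and ends up in a filesystem path and a redirect URL below, so only
        // accept a plain language code (letters, digits, underscore;
        // e.g. EN, DE_du). Anything else skips the redirect.
        $language_is_sane = preg_match('/^[A-Za-z0-9_]+$/', $user_language) === 1;
        $admin_folder = str_replace(WB_PATH, '', ADMIN_PATH);
        if ($language_is_sane
            && LANGUAGE != $user_language
            && file_exists(WB_PATH . '/languages/' . $user_language . '.php')
            && strpos($_SERVER['SCRIPT_NAME'], $admin_folder . '/') !== false
        ) {
            // Carry page_id / section_id (int-cast) into the redirect. The
            // second parameter is "&section_id="; the original literal had
            // been garbled by an HTML-entity conversion ("&sect" -> "§"),
            // which would have renamed the parameter.
            $page_id_url = isset($_GET['page_id']) ? '&page_id=' . (int) $_GET['page_id'] : '';
            $section_id_url = isset($_GET['section_id']) ? '&section_id=' . (int) $_GET['section_id'] : '';
            $target = $_SERVER['SCRIPT_NAME'] . '?lang=' . $user_language . $page_id_url . $section_id_url;
            // Preserve any remaining query string (page_id/section_id may
            // then appear twice; unchanged from the original behaviour).
            if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != '') {
                $target .= '&' . $_SERVER['QUERY_STRING'];
            }
            header('Location: ' . $target);
            exit;
        }

        // Auto header code
        if ($auto_header == true) {
            $this->print_header('', $operateBuffer);
        }
    }

    // Some legacy code still expects the admin instance in the global $wb
    global $wb;
    $wb = $this;
}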
/**
 * Frontend constructor: initialises the SecureForm base class in
 * frontend mode. No authentication happens here.
 */
public function __construct()
{
    parent::__construct(SecureForm::FRONTEND);
}
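/**
 * Backend constructor (LEPTON): registers the Twig parser globals, starts
 * output buffering for droplet support, authenticates the user, verifies the
 * session token and the section permission, syncs the backend language with
 * the user's stored language and optionally prints the header.
 *
 * @param string $section_name       Name of the admin section.
 * @param string $section_permission Permission required for this section
 *                                   (checked via get_permission()).
 * @param bool   $auto_header        Print the backend header. Default true.
 * @param bool   $auto_auth          Run the login/token/permission checks.
 *                                   Default true.
 */
public function __construct($section_name, $section_permission = 'start', $auto_header = true, $auto_auth = true)
{
    global $database;
    global $MESSAGE;
    parent::__construct();

    // --- TWIG Template Engine ---------------------------------------------
    global $parser;
    global $loader;
    global $TEXT;
    global $MENU;
    global $OVERVIEW;
    global $HEADING;
    if (!isset($parser)) {
        require_once LEPTON_PATH . "/modules/lib_twig/library.php";
    }
    // namespace for the Twig-Loader is "theme"
    $loader->prependPath(THEME_PATH . "/templates/", "theme");
    $parser->addGlobal("TEXT", $TEXT);
    $parser->addGlobal("MENU", $MENU);
    $parser->addGlobal("OVERVIEW", $OVERVIEW);
    $parser->addGlobal("HEADING", $HEADING);
    $this->parser =& $parser;
    $this->loader =& $loader;
    // --- End Twig ---------------------------------------------------------

    // Droplet support: buffer all output from here on
    ob_start();
    $this->db_handle = clone $database;

    // Specify the current application's name and required permission
    $this->section_name = $section_name;
    $this->section_permission = $section_permission;

    if ($auto_auth == true) {
        // Not logged in: bounce to the login page
        if ($this->is_authenticated() == false) {
            header('Location: ' . ADMIN_URL . '/login/index.php');
            exit(0);
        }
        // Session token mismatch: drop the user id so the session is no
        // longer treated as logged in, then force a fresh login.
        if (!$this->checkToken()) {
            unset($_SESSION['USER_ID']);
            header('Location: ' . ADMIN_URL . '/login/index.php');
            exit(0);
        }
        // Logged in but lacking the section permission
        if ($this->get_permission($section_permission) == false) {
            die($MESSAGE['ADMIN_INSUFFICIENT_PRIVELLIGES']);
        }
    }

    // Backend language vs. the user's stored language: when they differ,
    // redirect to the same script with ?lang=<stored language>.
    // user_id is int-cast before it is interpolated into the SQL string.
    $user_language = array();
    $this->db_handle->execute_query("SELECT `language` FROM `" . TABLE_PREFIX . "users` WHERE `user_id` = '" . (int) $this->get_user_id() . "'", true, $user_language, false);
    // Only the two-letter code is used; this prevents an infinite redirect
    // loop when the stored language has no matching XX.php (e.g. DE_du.php).
    $user_language = !isset($user_language['language']) ? "" : substr($user_language['language'], 0, 2);

    // Defence in depth: the stored language is a user-editable preference
    // and ends up in a filesystem path and a redirect URL below, so only
    // accept two letters. Anything else skips the redirect.
    $language_is_sane = preg_match('/^[A-Za-z]{2}$/', $user_language) === 1;
    // obtain the admin folder (e.g. /admin)
    $admin_folder = str_replace(LEPTON_PATH, '', ADMIN_PATH);
    if ($language_is_sane
        && LANGUAGE != $user_language
        && file_exists(LEPTON_PATH . '/languages/' . $user_language . '.php')
        && strpos($_SERVER['SCRIPT_NAME'], $admin_folder . '/') !== false
    ) {
        // Carry page_id / section_id (int-cast) into the redirect. The
        // second parameter is "&section_id="; the original literal had been
        // garbled by an HTML-entity conversion ("&sect" -> "§"), which would
        // have renamed the parameter.
        $page_id_url = isset($_GET['page_id']) ? '&page_id=' . (int) $_GET['page_id'] : '';
        $section_id_url = isset($_GET['section_id']) ? '&section_id=' . (int) $_GET['section_id'] : '';
        $target = $_SERVER['SCRIPT_NAME'] . '?lang=' . $user_language . $page_id_url . $section_id_url;
        // Preserve any remaining query string (unchanged behaviour)
        if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != '') {
            $target .= '&' . $_SERVER['QUERY_STRING'];
        }
        header('Location: ' . $target);
        exit;
    }

    // Auto header code
    if ($auto_header == true) {
        $this->print_header();
    }
}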
// Include config file require '../../../config.php'; if (!defined('WB_PATH')) { exit("Cannot access this file directly"); } require '../info.php'; $mod_dir = $module_directory; $tablename = $mod_dir; $mpath = WB_PATH . '/modules/' . $mod_dir . '/'; // include module_settings require_once WB_PATH . '/modules/' . $mod_dir . '/defaults/module_settings.default.php'; require_once WB_PATH . '/modules/' . $mod_dir . '/module_settings.php'; require_once WB_PATH . '/modules/' . $mod_dir . '/functions_small.php'; require_once WB_PATH . '/framework/class.wb.php'; $wb = new wb(); // Check if we should show the form or add a comment if (isset($_GET['page_id']) and is_numeric($_GET['page_id']) and isset($_GET['section_id']) and is_numeric($_GET['section_id']) and isset($_GET['topic_id']) and is_numeric($_GET['topic_id']) and (ENABLED_ASP and isset($_POST['c0mment_' . date('W')]) and $_POST['c0mment_' . date('W')] != '' or !ENABLED_ASP and isset($_POST['comment']) and $_POST['comment'] != '')) { if (ENABLED_ASP) { $commentpost = $_POST['c0mment_' . date('W')]; } else { $commentpost = $_POST['comment']; } $comment = $wb->add_slashes(trim(strip_tags($commentpost))); $thename = $wb->add_slashes(trim(strip_tags($_POST['thenome']))); $thesite = $wb->add_slashes(trim(strip_tags($_POST['thesote']))); $themail = $wb->add_slashes(trim(strip_tags($_POST['themoil']))); $page_id = (int) $_GET['page_id']; $section_id = (int) $_GET['section_id']; $topic_id = (int) $_GET['topic_id']; // Check captcha
* @copyright 2009-2011, Website Baker Org. e.V.
* @link http://www.websitebaker2.org/
* @license http://www.gnu.org/licenses/gpl.html
* @platform WebsiteBaker 2.8.3
* @requirements PHP 5.3.6 and higher
* @version $Id: signup2.php 5 2015-04-27 08:02:19Z luisehahne $
* @filesource $HeadURL: https://localhost:8443/svn/wb283Sp4/SP4/branches/wb/account/signup2.php $
* @lastmodified $Date: 2015-04-27 10:02:19 +0200 (Mo, 27. Apr 2015) $
*
*/
// This file is only ever included from the signup flow; refuse direct requests
if (!defined('WB_PATH')) {
    die("Cannot access this file directly");
}

// Frontend object without auto-header and without auto-auth
// (the visitor is not logged in yet at signup time)
$wb = new wb('Start', 'start', false, false);

// Javascript back link used by error pages
$js_back = WB_URL . '/account/signup.php';

// Get details entered
$groups_id = FRONTEND_SIGNUP;
$active = 1;
$raw_username = $wb->get_post_escaped('username');
$username = strtolower(strip_tags($raw_username));
$display_name = strip_tags($wb->get_post_escaped('display_name'));
// NOTE(review): unlike username/display_name, email is read with get_post()
// rather than get_post_escaped() -- confirm it is validated or escaped
// before it reaches the database (that code is not visible here).
$email = $wb->get_post('email');

/* NOTE(review): the form-token (FTAN) check is commented out in this
   revision, so this handler accepts signup submissions without a CSRF
   token. Kept as found; re-enabling it requires the signup form to embed
   the token.
if (!$wb->checkFTAN()) {
    $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);
    exit();
}
*/
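<?php
// Emits the per-section picture settings as JavaScript for an authenticated
// backend user. The response is served as text/plain, so the error paths
// below print text into the body rather than redirecting.
require '../../config.php';
header('Content-Type: text/plain'); // plain text file

// Get id: section_id must be present and numeric, and it is int-cast so the
// value interpolated into the SQL string below can only ever be an integer.
if (!isset($_GET['section_id']) or !is_numeric($_GET['section_id'])) {
    // NOTE(review): this writes the literal "Location: ..." into the response
    // body; it is not an HTTP redirect. Left as-is because the output is
    // consumed as a script, not rendered as a page.
    die("Location: " . ADMIN_URL . "/pages/index.php");
}
$section_id = (int) $_GET['section_id'];

$mod_dir = basename(dirname(__FILE__));
$tablename = $mod_dir;
require_once WB_PATH . '/modules/' . $mod_dir . '/defaults/module_settings.default.php';
require_once WB_PATH . '/modules/' . $mod_dir . '/module_settings.php';

// Only authenticated users may read the settings; everyone else gets a
// one-line refusal and no data.
$wb = new wb();
if ($wb->is_authenticated()) {
    echo "//Starting Javascript\n";
} else {
    die("Sorry, no access");
}

// Get header and footer (the settings row for this section)
$query_content = $database->query("SELECT * FROM " . TABLE_PREFIX . "mod_" . $tablename . "_settings WHERE section_id = '{$section_id}'");
$fetch_content = $query_content->fetchRow();
// A missing row previously produced a notice and an empty string; make the
// fallback explicit so the -2 defaults below still apply.
$picture_values = $fetch_content ? (string) $fetch_content['picture_values'] : '';
// Pad with -2 sentinels so every index read below exists
$vv = explode(',', $picture_values . ',-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2');
$w_zoom = (int) $vv[0];
if ($w_zoom == -2) { // -2 means "not set": fall back to 1000
    $w_zoom = 1000;
}
$h_zoom = (int) $vv[1];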
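* @requirements PHP 5.3.6 and higher
* @version $Id: submit_comment.php 1634 2012-03-09 02:20:16Z Luisehahne $
* @filesource $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/branches/2.8.x/wb/modules/news/submit_comment.php $
* @lastmodified $Date: 2012-03-09 03:20:16 +0100 (Fr, 09. Mrz 2012) $
*
*/
// Include config file (unless the including page already did)
if (!defined('WB_PATH')) {
    require dirname(dirname(__DIR__)) . '/config.php';
}
if (!class_exists('wb')) {
    require WB_PATH . '/framework/class.wb.php';
}
// Create new frontend object unless the including page already provides one
if (!isset($wb) || !$wb instanceof wb) {
    $wb = new wb();
}

// Read the ids from the superglobal matching the request method
// ($_GET or $_POST); any other method yields null and the defaults apply.
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$aRequestVars = isset(${$requestMethod}) ? ${$requestMethod} : null;

// The original wrote  intval(isset($aRequestVars['x'])) ? $aRequestVars['x'] : ...
// which int-cast the isset() result instead of the value, so the raw
// request string reached $page_id / $post_id / $section_id untouched.
// Cast the value itself.
$page_id = isset($aRequestVars['page_id']) ? (int) $aRequestVars['page_id'] : (isset($page_id) ? (int) $page_id : 0);
$post_id = isset($aRequestVars['post_id']) ? (int) $aRequestVars['post_id'] : (isset($post_id) ? (int) $post_id : 0);
$section_id = isset($aRequestVars['section_id']) ? (int) $aRequestVars['section_id'] : (isset($section_id) ? (int) $section_id : 0);

$_SESSION['message'] = null;
// CSRF: reject the submission unless the form token (FTAN) validates, and
// send the user back to the comment form with the generic security message.
if (!$wb->checkFTAN()) {
    $_SESSION['message'][] = $MESSAGE['GENERIC_SECURITY_ACCESS'];
    // The second parameter is "&section_id="; the original literal had been
    // garbled by an HTML-entity conversion ("&sect" -> "§").
    header("Location: " . WB_URL . "/modules/news/comment.php?post_id=" . $post_id . "&section_id=" . $section_id);
    exit(0);
}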
* @package news * @author WebsiteBaker Project * @copyright 2009-2011, Website Baker Org. e.V. * @link http://www.websitebaker2.org/ * @license http://www.gnu.org/licenses/gpl.html * @platform WebsiteBaker 2.8.x * @requirements PHP 5.2.2 and higher * @version $Id: comment.php 1538 2011-12-10 15:06:15Z Luisehahne $ * @filesource $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/modules/news/comment.php $ * @lastmodified $Date: 2011-12-10 16:06:15 +0100 (Sa, 10. Dez 2011) $ * */ // Include config file require '../../config.php'; require_once WB_PATH . '/framework/class.wb.php'; $wb = new wb(); // Check if there is a post id // $post_id = $wb->checkIDKEY('post_id', false, 'GET'); $post_id = (int) $_GET['post_id']; $section_id = (int) $_GET['section_id']; if (!$post_id or !isset($_GET['section_id']) or !is_numeric($_GET['section_id'])) { $wb->print_error('ABORT::' . $MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL . PAGES_DIRECTORY); exit; } // Query post for page id $query_post = $database->query("SELECT post_id,title,section_id,page_id FROM " . TABLE_PREFIX . "mod_news_posts WHERE post_id = '{$post_id}'"); if ($query_post->numRows() == 0) { header("Location: " . WB_URL . PAGES_DIRECTORY . ""); exit(0); } else { $fetch_post = $query_post->fetchRow();
* @filesource $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/account/preferences.php $
* @lastmodified $Date: 2011-09-07 20:51:47 +0200 (Mi, 07. Sep 2011) $
*
*/
require_once '../config.php';

// Frontend login disabled: send the visitor to the site entry point
if (!FRONTEND_LOGIN) {
    $entry = INTRO_PAGE ? WB_URL . PAGES_DIRECTORY . '/index.php' : WB_URL . '/index.php';
    header('Location: ' . $entry);
    exit(0);
}

require_once WB_PATH . '/framework/class.frontend.php';
$wb_inst = new wb();

// Guests must log in before they can see their preferences
if (!$wb_inst->is_authenticated()) {
    header('Location: ' . WB_URL . '/account/login.php');
    exit(0);
}

// Required page details: the page id comes from the session (0 when unset)
$page_id = empty($_SESSION['PAGE_ID']) ? 0 : $_SESSION['PAGE_ID'];
$page_description = '';
$page_keywords = '';
define('PAGE_ID', $page_id);
define('ROOT_PARENT', 0);
define('PARENT', 0);
define('LEVEL', 0);
define('PAGE_TITLE', $MENU['PREFERENCES']);
include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } // end include class.secure.php if (!FRONTEND_LOGIN) { if (INTRO_PAGE) { die(header('Location: ' . LEPTON_URL . PAGES_DIRECTORY . '/index.php')); } else { die(header('Location: ' . LEPTON_URL . '/index.php')); } } include_once LEPTON_PATH . '/framework/var.timezones.php'; require_once LEPTON_PATH . '/framework/class.wb.php'; $wb_inst = new wb(); if ($wb_inst->is_authenticated() == false) { die(header('Location: ' . LEPTON_URL . '/account/login.php')); } $submit_ok = false; if (isset($_POST['save']) && $_POST['save'] == 'account_settings') { if (isset($_SESSION['wb_apf_hash']) && $_SESSION['wb_apf_hash'] === $_POST['hash']) { if (TIME() - $_POST['r_time'] <= 60 * 5) { /** * user-password correct? * */ $user_id = $_SESSION['USER_ID']; $query = "SELECT `password` from `" . TABLE_PREFIX . "users` where `user_id`='" . $user_id . "' AND `password`='" . md5($_POST['current_password']) . "'"; $result = $database->query($query); if ($result->numRows() == 1) {
* @version $Id: preferences.php 1508 2011-09-07 18:51:47Z Luisehahne $
* @filesource $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/account/preferences.php $
* @lastmodified $Date: 2011-09-07 20:51:47 +0200 (Mi, 07. Sep 2011) $
*
*/
require_once '../config.php';

// Frontend login disabled: send the visitor to the site entry point
if (!FRONTEND_LOGIN) {
    $entry = INTRO_PAGE ? WB_URL . PAGES_DIRECTORY . '/index.php' : WB_URL . '/index.php';
    header('Location: ' . $entry);
    exit(0);
}

$wb_inst = new wb();

// Guests must log in before they can see their preferences
if (!$wb_inst->is_authenticated()) {
    header('Location: ' . WB_URL . '/account/login.php');
    exit(0);
}

// Logged in, but the account must also hold the "preferences" system permission
if ($wb_inst->get_permission("preferences", 'system') === false) {
    header('Location: ' . WB_URL . '/index.php');
    exit(0);
}

// Required page details: the page id comes from the session (0 when unset)
$page_id = empty($_SESSION['PAGE_ID']) ? 0 : $_SESSION['PAGE_ID'];
$page_description = '';
$page_keywords = '';
define('PAGE_ID', $page_id);
/**
 * Constructor: delegates to the parent constructor with its first argument
 * fixed to 1.
 * NOTE(review): the meaning of 1 is not visible here -- presumably a mode
 * flag; confirm against the parent constructor's signature.
 */
public function __construct()
{
    parent::__construct(1);
}
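* @requirements PHP 5.2.2 and higher
* @version $Id: submit_comment.php 1634 2012-03-09 02:20:16Z Luisehahne $
* @filesource $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/branches/2.8.x/wb/modules/news/submit_comment.php $
* @lastmodified $Date: 2012-03-09 03:20:16 +0100 (Fr, 09. Mrz 2012) $
*
*/
// Include config file
require '../../config.php';
/* overwrite php.ini on Apache servers for valid SESSION ID Separator
if(function_exists('ini_set')) { ini_set('arg_separator.output', '&'); }
*/
require_once WB_PATH . '/framework/class.wb.php';
$wb = new wb();

/* NOTE(review): the form-token (FTAN) check below is commented out in this
   revision, so this script accepts comment submissions without a CSRF
   token. Kept as found; re-enabling it requires the comment form to embed
   the token.
$post_id = (int)$_GET['post_id'];
$section_id = (int)$_GET['section_id'];
if (!$wb->checkFTAN()) {
    $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL."/modules/news/comment.php?post_id=".$post_id."&section_id=".$section_id);
}
*/

// Pick the superglobal matching the request method ($_GET or $_POST) once;
// any other method yields null and the defaults below apply.
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$aRequestVars = isset(${$requestMethod}) ? ${$requestMethod} : null;

// The original wrote  intval(isset(${$requestMethod}['x'])) ? ${$requestMethod}['x'] : ...
// which int-cast the isset() result instead of the value, so the raw
// request string reached $page_id / $post_id untouched. Cast the value.
// Get page id
$page_id = isset($aRequestVars['page_id']) ? (int) $aRequestVars['page_id'] : (isset($page_id) ? (int) $page_id : 0);
// Get post_id
$post_id = isset($aRequestVars['post_id']) ? (int) $aRequestVars['post_id'] : (isset($post_id) ? (int) $post_id : 0);
// Get section id if there is one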
$oneback = "../"; $root = $oneback; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= $oneback; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } // end include class.secure.php require_once LEPTON_PATH . '/framework/class.wb.php'; $wb = new wb(); // Check if we should show the form or add a comment if (isset($_GET['page_id']) and is_numeric($_GET['page_id']) and isset($_GET['section_id']) and is_numeric($_GET['section_id']) and isset($_GET['post_id']) and is_numeric($_GET['post_id']) and (ENABLED_ASP and isset($_POST['comment_' . date('W')]) and $_POST['comment_' . date('W')] != '' or !ENABLED_ASP and isset($_POST['comment']) and $_POST['comment'] != '')) { if (ENABLED_ASP) { $comment = $_POST['comment_' . date('W')]; } else { $comment = $_POST['comment']; } $comment = addslashes(strip_tags($comment)); $title = addslashes(strip_tags($_POST['title'])); $page_id = $_GET['page_id']; $section_id = $_GET['section_id']; $post_id = $_GET['post_id']; // Check captcha $query_settings = $database->query("SELECT use_captcha FROM " . TABLE_PREFIX . "mod_news_settings WHERE section_id = '{$section_id}'"); if (!$query_settings->numRows()) {