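<?php
// Logout fuse: makes sure the configured default (visitor) account exists,
// replaces the current user with the account returned by logoutUser() and
// writes the transition to the log.
// NOTE(review): whether logoutUser() also rotates or destroys the session ID
// is not visible here - confirm, so a pre-logout session cookie cannot be reused.
// NOTE(review): full name and login are concatenated into the log text as-is;
// confirm _log() neutralises CR/LF so a crafted name cannot forge log lines.
$log = "User " . $oUser->getFullName() . " (" . $oUser->getLogin() . ", " . $oUser->getID() . ") logging off... ";

// Create the default account on the fly when it is missing.
if (!$oUserManager->checkUser($fusebox['defaultUser'])) {
    $tmpoUser = new User(0, $fusebox['defaultUser']);
    $tmpoUser->setRegisteredDate();
    if ($oUserManager->addUser($tmpoUser)) {
        // Re-read the account that was just inserted; failing here is fatal.
        if (!($tmpoUser = $oUserManager->getUser($fusebox['defaultUser']))) {
            _throw("FStillNoDefaultUser", "No default user found... again! DB corrupted ?");
        }
    } else {
        _throw("FCannotAddDefaultUser", "Cannot add default user");
    }
}

if ($userlogged = $oUserManager->logoutUser()) {
    $oUser = $userlogged;
    // setting unique name for visitor to track activity
    // rand() is not a cryptographic generator: the generated name is a display
    // label only and must not be relied on as an identifier or secret.
    $oUser->setFirstName(strtoupper($oUser->getLogin()));
    $oUser->setMiddleName(chr(rand(65, 90)));
    $oUser->setLastName(rand(0, 9999999));
    // The User-Agent header is optional and fully client-controlled: fall back
    // to an empty string instead of reading an undefined index.
    $oUser->setUserAgent(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
    $oUser->setCurrentVisitIP($_SERVER['REMOTE_ADDR']);
    $oUser->setCurrentVisitMoment(date('Y-m-d H:i:s'));
    $log .= "success!";
} else {
    // $oUser is left untouched here, so the previous user object stays in place.
    _error("ENoDefaultUser", "No default user found");
    $log .= "failed.";
}

_xfa($myself . $fusebox['defaultFuseaction']);
_log($log);
_log("After logoff user became " . $oUser->getFullName() . " (" . $oUser->getLogin() . ", " . $oUser->getID() . ")");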
<?php
// Admin fuse: removes one security group (numeric 'id') or several (array 'id'),
// then always returns to the group list.
// NOTE(review): no anti-CSRF token check is visible in this script - confirm
// the framework enforces one before this state-changing action runs.
// NOTE(review): the elements of an array 'id' are handed to removeGroupsByID()
// unchecked; confirm the manager validates them.
if (empty($attributes['id'])) {
    _error("ENoGroupGiven", "No security group is given to delete");
} elseif (is_numeric($attributes['id'])) {
    // Single group: it must exist before removal is attempted.
    if (!$oSecurityManager->checkGroupByID($attributes['id'])) {
        _warning("WNoSuchGroup", "No such group found");
    } elseif ($oSecurityManager->removeGroupsByID($attributes['id'])) {
        _message("MGroupRemoved", "Group removed");
    }
} elseif (is_array($attributes['id'])) {
    // Several groups: no per-item existence check; a failed removal is silent.
    if ($oSecurityManager->removeGroupsByID($attributes['id'])) {
        _message("MGroupsRemoved", "Groups removed");
    }
} else {
    _error("EInvalidGroupID", "Invalid group ID");
}

_xfa($myself . "admin.showGroups");
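<?php
// Admin fuse: stores the "responsibility" of a page/action that is looked up
// either by numeric 'id' or by 'key', then returns to that page's admin view.
if (empty($attributes['id']) && empty($attributes['key'])) {
    _error("ENoFuseactionGiven", "No page or action is given");
} else {
    $tmpFuseaction = false;
    if (isset($attributes['id']) && intval($attributes['id']) > 0) {
        $tmpFuseaction = $oFuseManager->getFuseactionByID(intval($attributes['id']));
    } elseif (isset($attributes['key'])) {
        $tmpFuseaction = $oFuseManager->getFuseaction($attributes['key']);
    } else {
        _error("ENoValidFuseactionGiven", "No valid page or action is given");
    }

    if (!$tmpFuseaction) {
        _error("ENoFuseactionFound", "No such page or action found in DB");
    } else {
        // NOTE(review): 'fResponsibility' is read without an isset() check and
        // passed on unvalidated - confirm setResponsibility() validates it.
        $tmpFuseaction->setResponsibility($attributes['fResponsibility']);
        if ($oFuseManager->setFuseaction($tmpFuseaction->getName(), $tmpFuseaction)) {
            _message("MFuseactionStored", "Page/action responsibilities stored successfully");
        } else {
            _warning("WFuseactionNotStored", "Page/action responsibilities not saved");
        }
    }
}

if (!_gotxfa()) {
    // Build the return URL from a value we control: the ID of the record that
    // was resolved, or the integer form of the request value. The raw request
    // value used to be interpolated here, which let arbitrary text into the
    // redirect target and was undefined when the lookup was done by 'key'.
    if (!empty($tmpFuseaction)) {
        $tmpRedirectID = $tmpFuseaction->getID();
    } else {
        $tmpRedirectID = isset($attributes['id']) ? intval($attributes['id']) : 0;
    }
    _xfa($myself . "admin.showFuseaction&id=" . $tmpRedirectID);
}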
<?php
// Admin fuse: creates or updates a property from the form fields 'fCode' and
// 'fName', then returns to the property list.
// NOTE(review): both fields are passed to setProperty() as received; confirm
// the manager escapes them for storage and that views escape them on output.
if (empty($attributes['fCode']) || !isset($attributes['fName'])) {
    // Either field missing means the request did not come from the expected form.
    _error("EWrongFormSubmitted", "Wrong form submitted, or else...");
} elseif ($oPropertyManager->setProperty($attributes['fCode'], array('code' => $attributes['fCode'], 'name' => $attributes['fName']))) {
    _message("MPropertySaved", "Property was sucessfully saved");
} else {
    _warning("WPropertyNotSaved", "Something happened when storing property, probably property with such code already exists");
}

_xfa($myself . "admin.showProperties");
// Tail of a registration fuse. The leading closing braces belong to blocks
// opened before this excerpt (presumably the CAPTCHA checks - not visible here).
} } else {
    _warning("WCaptchaStringUnknown", "Secret user string is unknown");
}
// Persist the new account only when validation raised nothing.
if (!_gotWarnings() && !_gotErrors()) {
    $tmpUser->setRegisteredDate();
    if ($newuserid = $oUserManager->addUser($tmpUser)) {
        // Default groups come from configuration as a comma-separated list.
        $tmparrRegistrantGroups = explode(",", $fusebox['defaultRegistrantGroups']);
        $tmparrRegistrantGroups2 = array();
        // explode() always returns at least one element, so this guard never
        // skips the loop; an empty setting yields a lookup for the group ''.
        if (count($tmparrRegistrantGroups) > 0) {
            foreach ($tmparrRegistrantGroups as $g) {
                // NOTE(review): the lookup result is appended without checking
                // that a group was found - confirm pushUserGroups() copes.
                $tmparrRegistrantGroups2[] = $oSecurityManager->getGroup($g);
            }
        }
        // The account already exists at this point; if group assignment fails
        // it stays in the DB and only a warning is raised.
        if ($oSecurityManager->pushUserGroups($newuserid, $tmparrRegistrantGroups2)) {
            _message("MUserAdded", "User successfully added");
        } else {
            _warning("WGroupNotSetForNewUser", "Cannot set default security group for new user " . $tmpUser->getLogin());
        }
    } else {
        _warning("WUserNotAdded", "User wasn't added");
    }
}
// These braces close blocks opened before this excerpt.
} } } else {
    _error("EInvalidForm", "Invalid form submitted");
}
// Show the confirmation page only on a completely clean run.
if (!_gotWarnings() && !_gotErrors()) {
    _xfa("{$myself}home.showRegistrationConfirmation");
}
// Part of a contact-form fuse: validates the sender address and the CAPTCHA,
// then mails the visitor's text to the configured "Contact Us" address.
// One closing brace near the end belongs to a block opened before this excerpt.
if (!isset($attributes['email']) || strlen($attributes['email']) == 0) {
    _warning("WEmptyEmail", $oContentManager->getTitle("WEmptyEmail", "Please enter your email"));
} else {
    // The pattern is case-sensitive and accepts only 2-3 letter TLDs. Without
    // the D modifier, "$" also matches before a trailing newline, so a value
    // ending in "\n" passes and is later used as the From address.
    if (preg_match("/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/", $attributes['email']) == 0) {
        _warning("WInvalidEmail", $oContentManager->getTitle("WInvalidEmail", "Please enter valid email"));
    } else {
        // NOTE(review): loose comparison - an unset/empty session string equals
        // an empty or missing 'captcha' field, which would let the check pass.
        // Whether the enclosing (not visible) code rules that out must be confirmed.
        if ($_SESSION['SecretUserString'] != $attributes['captcha']) {
            _warning("WInvalidCaptcha", $oContentManager->getTitle("WInvalidCaptcha", "Security string is not correct"));
        } else {
            // The visitor's text replaces {TEXT} in both subject and body as-is.
            $replaceFrom = array("{TEXT}");
            $replaceTo = array($attributes['text']);
            $subject = str_replace($replaceFrom, $replaceTo, $ogMailTemplatesManager->getTitle("ContactUs", "Message from site visitor"));
            $body = str_replace($replaceFrom, $replaceTo, $ogMailTemplatesManager->getContent("ContactUs", "{TEXT}"));
            $oPHPMailer = new PHPMailer();
            // The body is sent as HTML, so unescaped visitor text is rendered as
            // markup by the recipient's mail client.
            $oPHPMailer->IsHTML(true);
            // NOTE(review): From / FromName are visitor-supplied; 'name' is not
            // checked in the visible code. Confirm the bundled PHPMailer strips
            // CR/LF from header values.
            $oPHPMailer->From = stripslashes($attributes['email']);
            $oPHPMailer->FromName = stripslashes($attributes['name']);
            $oPHPMailer->CharSet = $oLanguage->getEncoding();
            // The fallback recipient is built from the client-supplied Host header.
            $oPHPMailer->AddAddress($oSettingsManager->getValue("ContactUsEmail", 'postmaster@' . $_SERVER['HTTP_HOST'], "STRING", "Contact Us email address"));
            $oPHPMailer->Subject = stripslashes($subject);
            $oPHPMailer->Body = stripslashes($body);
            // The result of Send() is ignored; success is reported regardless.
            $oPHPMailer->Send();
            unset($oPHPMailer);
            _message("MContactUsMessageSent", "Message sent");
        }
    }
}
// Closes a block opened before this excerpt.
}
if (!_gotWarnings() && !_gotErrors()) {
    _xfa("{$myself}home.showContactForm");
}
<?php
// Admin fuse: updates a property dictionary entry (when 'entryid' is given) or
// adds a new one to the property named by 'propertycode'.
// NOTE(review): the final redirect reads 'propertycode' unconditionally and
// appends it unencoded; on the 'entryid' path it may not be set - confirm the
// form always sends it.
if (!isset($attributes['fCode'], $attributes['fXCode'], $attributes['fName'], $attributes['fPos'])) {
    _error("EWrongEntryFormSubmitted", "Invalid property dictionary form submitted");
} elseif (!(strlen($attributes['fCode']) > 0)) {
    _warning("WPropertyDictionaryEntryCodeCannotBeEmpty", "Property dictionary entry code cannot be empty");
} elseif (isset($attributes['entryid'])) {
    // Update of an existing entry.
    if ($oPropertyManager->setDictionaryEntryByID($attributes['entryid'], array('code' => $attributes['fCode'], 'xcode' => $attributes['fXCode'], 'name' => $attributes['fName'], 'pos' => $attributes['fPos']))) {
        _message("MPropertyDictionaryEntryStored", "Property dictionary entry successfully stored");
    } else {
        _warning("WPropertyDictionaryEntryNotStored", "Something happened while saving property dictionary entry to DB, probably another entry exists with same code or no entry with such ID (already) exists");
    }
} elseif (isset($attributes['propertycode'])) {
    // New entry under the given property.
    if ($oPropertyManager->addDictionaryEntry($attributes['propertycode'], array('code' => $attributes['fCode'], 'xcode' => $attributes['fXCode'], 'name' => $attributes['fName'], 'pos' => $attributes['fPos']))) {
        _message("MPropertyDictionaryEntryAdded", "Property dictionary entry successfully added");
    } else {
        _warning("WPropertyDictionaryEntryNotAdded", "Something happened while adding property dictionary entry to DB, probably entry with such code already exists");
    }
} else {
    _error("ENoPropertyOrEntryFound", "No property or dictionary entry given");
}

_xfa($myself . "admin.showPropertyDictionary&code=" . $attributes['propertycode']);
// Tail of a sitemap-item save fuse; the first statement and its closing brace
// finish a block opened before this excerpt (presumably the default for an
// empty 'last_modified' - not visible here).
$attributes['last_modified'] = date('Y-m-d'); }
if (strlen($attributes['change_freq']) == 0) {
    _warning("MessageEmptyChangeFreq", $oContentManager->getCleanTitle("MessageEmptyChangeFreq"));
}
// Priority defaults to 0.5; any other input is coerced to float.
// NOTE(review): the value is not clamped to the 0.0-1.0 range the sitemap
// protocol defines, and 'change_freq' is only checked for being non-empty.
if (strlen($attributes['priority']) == 0) {
    $attributes['priority'] = 0.5;
} else {
    $attributes['priority'] = floatval($attributes['priority']);
}
if (!_gotWarnings() && !_gotErrors()) {
    // NOTE(review): 'url' is copied as received in the visible part; any
    // validation would have to happen before this excerpt - confirm.
    $newItem = array();
    $newItem['url'] = $attributes['url'];
    $newItem['last_modified'] = $attributes['last_modified'];
    $newItem['change_freq'] = $attributes['change_freq'];
    $newItem['priority'] = $attributes['priority'];
    // A positive 'id' means update, anything else means insert. The comparison
    // is loose and 'id' is not cast to int before being passed on.
    if ($attributes['id'] > 0) {
        if ($oSitemap->updateItemByID($attributes['id'], $newItem)) {
            _message("MSitemapItemUpdated", "Sitemap Item updated successfully");
        } else {
            // NOTE(review): getLastError() text is shown to the user; confirm it
            // cannot expose raw database error details.
            _warning("WCannotUpdateSitemapItem", $oSitemap->getLastError());
        }
    } else {
        if ($oSitemap->addItem($newItem)) {
            _message("MSitemapItemAdded", "Sitemap Item added successfully");
        } else {
            _warning("WCannotAddSitemapItem", $oSitemap->getLastError());
        }
    }
    _xfa($myself . "admin.showSitemap");
}
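// Admin fuse: deletes every graphics file attached to a page (all tokens, all
// languages) and then clears the page's graphics tokens in the DB.
if (empty($attributes['id'])) {
    _error("ENoFuseactionGiven", "No page or action is given");
} else {
    $tmpFuseaction = false;
    if (isset($attributes['id']) && intval($attributes['id']) > 0) {
        $tmpFuseaction = $oFuseManager->getFuseactionByID(intval($attributes['id']));
    } else {
        _error("ENoValidFuseactionGiven", "No valid page or action is given");
    }

    if (!$tmpFuseaction) {
        _error("ENoFuseactionFound", "No such page or action found in DB");
    } else {
        $arrLanguages = $oLanguageManager->getLanguages();
        $arrTokens = $oGraphicsManager->pullTokens($tmpFuseaction->getID());
        foreach ($arrTokens as $tmpToken) {
            foreach ($arrLanguages as $tmpLanguage) {
                // The file name comes from the DB and is appended to the
                // graphics directory, so it must be a bare name.
                $tmpFileName = $oGraphicsManager->pullTitle($tmpFuseaction->getID(), $tmpLanguage->getID(), $tmpToken['token']);
                $tmpFilePath = $fusebox['pathGraphics'] . $tmpFileName;
                // strpos() returns 0 for a name that STARTS with '/', and the
                // previous "!strpos(...)" test treated that as "no slash", so
                // names such as "/../x" slipped through the directory guard.
                // Compare against false explicitly.
                // NOTE(review): '\' is not rejected; relevant if this ever runs
                // on a platform where it is a path separator.
                if ($tmpFileName != '' && strpos($tmpFileName, '/') === false && file_exists($tmpFilePath) && !is_dir($tmpFilePath)) {
                    // Best effort: a file that cannot be removed is skipped silently.
                    @unlink($tmpFilePath);
                }
            }
        }

        if (!$oGraphicsManager->deleteFuseactionTokens($tmpFuseaction->getID())) {
            _warning("WFuseactionGraphicsNotCleared", "Cannot clear page graphics. DB error.");
        } else {
            _message("MFuseactionGraphicsCleared", "Page graphics was removed successfully");
            _xfa($myself . "admin.showGraphicsPages");
        }
    }
}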
<?php
// Admin fuse: deletes a single sitemap item addressed by the integer 'id'.
// NOTE(review): no anti-CSRF token check is visible in this script - confirm
// the framework enforces one for this delete action.
if (isset($attributes['id'])) {
    // Coerce to int so only a numeric ID ever reaches the sitemap manager.
    $itemID = intval($attributes['id']);
} else {
    $itemID = 0;
}

if ($itemID <= 0) {
    _warning("WEmptySitemapItemID", "No Sitemap Item ID(s) specified");
} else {
    // Make sure the item is still there before trying to delete it.
    $itemToDelete = $oSitemap->getItemByID($itemID);
    if (!empty($itemToDelete)) {
        if (!$oSitemap->deleteItemByID($itemID)) {
            _warning("WCannotDeleteSitemapItem", "Cannot delete Sitemap Item, DB error");
        } else {
            _message("MSitemapItemDeleted", "Sitemap Item deleted successfully");
        }
        // Back to the list whether or not the delete itself succeeded.
        _xfa("{$myself}admin.showSitemap");
    } else {
        _warning("WSitemapItemNotFound", "Sitemap Item not found, probably already deleted");
    }
}
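<?php
// Admin fuse: stores group membership for users. Each request field named
// "u_<userID>" carries an array of group IDs for that user.
// NOTE(review): no anti-CSRF token check is visible in this script, and this
// action changes group membership - confirm the framework enforces one.
foreach ($attributes as $key => $val) {
    $tmpoUser = false;
    $arrGroups = array();
    // Require "u_" as a PREFIX. The previous "!== false" test matched the
    // substring anywhere, so an unrelated array field whose name merely
    // contained "u_" was also treated as a membership update.
    if (strpos($key, "u_") === 0) {
        if (is_array($val)) {
            foreach ($val as $gid) {
                // NOTE(review): the lookup result is appended without checking
                // that the group exists - confirm pushUserGroups() copes.
                $arrGroups[] = $oSecurityManager->getGroupByID($gid);
            }
            // Second segment of the field name is the user ID.
            list($u, $id) = explode("_", $key);
            // Groups are written only for users that actually exist.
            if ($tmpoUser = $oUserManager->getUserByID($id)) {
                $oSecurityManager->pushUserGroups($tmpoUser->getID(), $arrGroups);
            }
        }
    }
}

// Reported unconditionally: the result of pushUserGroups() is not checked.
_message("MUserGroupsStored", "User groups stored");
_xfa($myself . "admin.showUsers");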
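<?php
// Admin fuse: stores group access rights. Each request field named
// "sq_<id>" carries the access value for the item with that ID.
// NOTE(review): no anti-CSRF token check is visible in this script, and this
// action changes permissions - confirm the framework enforces one.
$result = true;
foreach ($attributes as $k => $a) {
    // Require "sq_" as a PREFIX. The previous "!== false" test matched the
    // substring anywhere in the field name, so unrelated fields containing
    // "sq_" were also written as permissions.
    if (strpos($k, "sq_") === 0) {
        $arrID = explode("_", $k);
        // NOTE(review): the ID segment and the submitted value go to the
        // manager as received - confirm pushGroupAccessByID() validates both.
        if (!$oSecurityManager->pushGroupAccessByID($arrID[1], $a)) {
            // Remember the failure but keep processing the remaining fields.
            $result = false;
        }
    }
}

if (!$result) {
    _warning("WExceptionSavingSecurity", "Something happened while permissions update performed");
} else {
    _message("MSecurityUpdated", "Permissions updated");
}

_xfa($myself . "admin.showFuseactions");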
<?php
// Admin fuse: deletes the setting named by the request attribute 'key'.
// The redirect to the settings list is set only after a successful delete.
// NOTE(review): no anti-CSRF token check is visible in this script - confirm
// the framework enforces one for this delete action.
if (empty($attributes['key'])) {
    _error("ENoSettingGiven", "No setting key is given");
} elseif ($oSettingsManager->removeSetting($attributes['key'])) {
    _message("MSettingDeleted", "Setting deleted succsessfully");
    _xfa($myself . "admin.showSettings");
} else {
    _warning("WSettingNotDeleted", "Something happened when deleting a setting, probably setting with such key already deleted");
}
<?php
/*
 * SECURITY FUSEBOX PLUGIN v.4B1
 * (c) Rodion Bykov roddyb@yandex.ru 2005
 * Created on Nov 14, 2005
 * Last modified on Oct 27, 2006
 *
 * Please ask for written permission before redistribute or use this plugin in your project
 * I give no warranty or support of any kind for this class, neither guarantee its suitability to any purpose
 */

// Access gate: the login, logout, access-denied and login-form fuseactions are
// always allowed; every other fuseaction is allowed only when the security
// manager grants it to the current user.
// NOTE(review): the comparisons are loose (==) and 'fuseaction' is read without
// an isset() check - confirm it is always a string by the time this runs.
$access = ($attributes['fuseaction'] == $fusebox['xfaLogin']
    || $attributes['fuseaction'] == $fusebox['xfaLogout']
    || $attributes['fuseaction'] == $fusebox['xfaAccessDenied']
    || $attributes['fuseaction'] == $fusebox['xfaLoginForm'])
    ? true
    : $oSecurityManager->getUserAccess($attributes['fuseaction']);

if (!$access) {
    // Remember where the user wanted to go so login can return there.
    // NOTE(review): if $here is derived from the request, confirm it cannot
    // point off-site after login.
    _xfa($here, $fusebox['xfaLogin']);
    // Keep the collected XFAs in the session for the next request.
    $_SESSION['globalXFA'] = $XFA;
    // Send the client to the access-denied page; the 0 means no PHPSESSID.
    // NOTE(review): confirm Location() ends the request. If it only emits a
    // header, the denied fuseaction would still execute after this point.
    Location($fusebox['urlBase'] . $myself . $fusebox['xfaAccessDenied'], 0);
}
// Tail of a group add/edit fuse; the first statement and the two closing
// braces after it finish blocks opened before this excerpt (the group code
// validation - not visible here).
_warning("WEmptyGroupCode", "Group code cannot be empty and may contain only letters and numbers, no spaces"); } }
// Copy the optional form fields onto the group object as received.
if (isset($attributes['fName'])) {
    $tmpoGroup->setName($attributes['fName']);
}
if (isset($attributes['fDescription'])) {
    $tmpoGroup->setDescription($attributes['fDescription']);
}
if (isset($attributes['fHomePage'])) {
    // The value is set on the object first and checked afterwards; an unknown
    // home page raises a warning, which blocks the save below.
    $tmpoGroup->setHomePage($attributes['fHomePage']);
    if (strlen($attributes['fHomePage']) && !$oFuseManager->getFuseaction($attributes['fHomePage'])) {
        _warning("WInvalidHomePage", "Specified home page is not found");
    }
}
// Save only when validation raised nothing: update when 'id' is given,
// otherwise insert a new group.
if (!_gotWarnings() && !_gotErrors()) {
    if (!empty($attributes['id'])) {
        if (!$oSecurityManager->setGroupByID($attributes['id'], $tmpoGroup)) {
            // NOTE(review): the message embeds the submitted group name;
            // confirm messages are HTML-escaped when rendered.
            _error("ECannotSaveGroup", "Cannot save group \"" . $tmpoGroup->getName() . "\"");
        } else {
            _message("MGroupSaved", "Group saved successfully");
        }
    } else {
        if (!$oSecurityManager->addGroup($tmpoGroup)) {
            _error("ECannotAddGroup", "Cannot add group \"" . $tmpoGroup->getName() . "\"");
        } else {
            _message("MGroupAdded", "Group added successfully");
        }
    }
    _xfa("{$myself}admin.showGroups");
}
<?php
// Admin fuse: removes the language(s) named by 'id', then always returns to
// the language list.
// NOTE(review): 'id' is passed to removeLanguagesByID() without a type check;
// confirm the manager validates it. No anti-CSRF token check is visible here.
if (!empty($attributes['id'])) {
    if (!$oLanguageManager->removeLanguagesByID($attributes['id'])) {
        _warning("WLanguageNotRemoved", "Lanugage was not removed");
    } else {
        _message("MLanguagesRemoved", "Languages removed successfully");
    }
} else {
    _error("ENoLanguageGiven", "No language given");
}

_xfa($myself . "admin.showLanguages");
<?php
// Admin fuse: clears all content tokens of the page addressed by the integer
// 'id'. The redirect to the content page list is set only on success.
// NOTE(review): no anti-CSRF token check is visible in this script - confirm
// the framework enforces one for this delete action.
if (empty($attributes['id'])) {
    _error("ENoFuseactionGiven", "No page or action is given");
} else {
    $tmpFuseaction = false;
    if (!isset($attributes['id']) || intval($attributes['id']) <= 0) {
        _error("ENoValidFuseactionGiven", "No valid page or action is given");
    } else {
        // Only the integer form of the ID reaches the manager.
        $tmpFuseaction = $oFuseManager->getFuseactionByID(intval($attributes['id']));
    }

    if ($tmpFuseaction) {
        if ($oContentManager->deleteFuseactionTokens($tmpFuseaction->getID())) {
            _message("MFuseactionCleared", "Page content was removed successfully");
            _xfa($myself . "admin.showContentPages");
        } else {
            _warning("WFuseactionNotCleared", "Cannot clear page content. DB error.");
        }
    } else {
        _error("ENoFuseactionFound", "No such page or action found in DB");
    }
}

// Kept from the original: the check runs, but nothing depends on its result.
if (!_gotxfa()) {
}
// Part of a login fuse. The enclosing check for empty credentials starts
// before this excerpt and the final "if" continues past it.
// NOTE(review): "no such user" and "incorrect password" are reported
// separately, which tells a client which logins exist - consider one message.
if ($oUserManager->checkUser($attributes['fLogin'])) {
    if ($userlogged = $oUserManager->loginUser($attributes['fLogin'], $attributes['fPwd'])) {
        // NOTE(review): no session ID regeneration is visible here; confirm
        // loginUser() does it, otherwise a pre-login session ID stays valid.
        $arrUserGroups = $oSecurityManager->pullUserGroups($userlogged->getID());
        $userXFA = $fusebox['defaultFuseaction'];
        if ($arrUserGroups) {
            $userlogged->setGroups($arrUserGroups);
            if (!_gotxfa()) {
                // Find a valid home page among the user's groups. The loop does
                // not break, so the last group with an existing page wins.
                foreach ($arrUserGroups as $tmpGroup) {
                    if ($tmpGroup->getHomePage() && $oFuseManager->getFuseaction($tmpGroup->getHomePage())) {
                        $userXFA = $tmpGroup->getHomePage();
                    }
                }
            }
        }
        _xfa($myself . $userXFA);
        $oUser = $userlogged;
        $log .= "'... success!";
    } else {
        // NOTE(review): the submitted login is echoed in the message; confirm
        // warnings are HTML-escaped when rendered.
        _warning("WIncorrectPassword", "Password provided for login {$attributes['fLogin']} is incorrect");
        $log .= "'... failed.";
    }
    // $log is started before this excerpt; presumably it contains the submitted
    // login - confirm _log() neutralises CR/LF. No attempt limiting is visible.
    _log($log);
} else {
    _warning("WNoSuchUser", "There is no user {$attributes['fLogin']} registered with system");
}
// Closes a block opened before this excerpt.
} else {
    _warning("WEmptyLoginCredentials", "Cannot log in with empty login or password");
}
// Log the resulting identity only after a clean login.
if (!_gotErrors() && !_gotWarnings()) {
    _log("After successful login user became " . $oUser->getFullName() . " (" . $oUser->getLogin() . ", " . $oUser->getID() . ")");
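<?php
// Admin fuse: deletes the mail template identified by 'token'.
// The full "<?php" tag replaces the short "<?" tag: with short_open_tag
// disabled the short form is not parsed and the file would be sent to the
// client as plain text. The closing tag is omitted so trailing whitespace
// cannot be emitted before the redirect.
// NOTE(review): no anti-CSRF token check is visible in this script - confirm
// the framework enforces one for this delete action.
if (!empty($attributes['token'])) {
    // The meaning of the first argument (0) is not visible in this file.
    if (!$ogMailTemplatesManager->deleteToken(0, $attributes['token'])) {
        _error("ENoTokenFound", "Record not found, perhaps already deleted");
    }
} else {
    _error("ENoMailTemplateTokenGiven", "No mail template token is given");
}

// Report success and go back to the list only on a clean run.
if (!_gotErrors() && !_gotWarnings()) {
    _message("MMailTemplateDeleted", "Mail template deleted successfully");
    _xfa($myself . "admin.showMailTemplates");
}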
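<?php
// Public fuse: stores a visitor comment on an article after a CAPTCHA check.
// 'token' and 'article' are aliases; whichever one is present fills the other.
if (empty($attributes['token']) && !empty($attributes['article'])) {
    $attributes['token'] = $attributes['article'];
} else {
    if (empty($attributes['article']) && !empty($attributes['token'])) {
        $attributes['article'] = $attributes['token'];
    }
}

if (!empty($attributes['token']) && !empty($attributes['fName']) && !empty($attributes['fComment'])) {
    // A CAPTCHA must have been issued for this session...
    if (strlen($_SESSION['SecretUserString']) > 0) {
        // ...and the visitor must have answered it.
        if (!empty($attributes['fHString'])) {
            // Compare as strings with a strict operator. The loose "!=" used
            // before compared numeric-looking strings by value (for example
            // "1e1" equals "10"), so answers other than the issued string
            // could be accepted. Non-string input (an array field) is rejected.
            if (!is_string($attributes['fHString']) || (string) $_SESSION['SecretUserString'] !== $attributes['fHString']) {
                _warning("WCaptchaStringNotMatch", "Secret user string not match");
            } else {
                // NOTE(review): the secret is not cleared after a successful
                // check; confirm the form page issues a new one each time so
                // one solved CAPTCHA cannot be reused for many posts.
                // NOTE(review): name and comment are stored as received;
                // confirm they are escaped when comments are displayed.
                if ($ogArticleManager->storeComment($attributes['token'], $attributes['fName'], $attributes['fComment'])) {
                    _message("MCommentAdded", "Your comment is added");
                    // URL-encode the request value before it becomes part of
                    // the redirect target.
                    _xfa($myself . "home.showArticleComments&article=" . urlencode((string) $attributes['token']));
                } else {
                    _warning("WErrorSavingComment", "Error happened while saving comment, please try again");
                }
            }
        } else {
            _warning("WCaptchaStringEmpty", "Secret user string is empty");
        }
    } else {
        _warning("WCaptchaStringUnknown", "Secret user string is unknown");
    }
} else {
    _warning("WEnterComment", "Please enter your name and your comment");
}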
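<?php
// Admin fuse: removes an article - first its rows in the articles table, then
// its node(s) in the article tree - and returns to the tree view.
// NOTE(review): no anti-CSRF token check is visible in this script - confirm
// the framework enforces one for this delete action.
if (!empty($attributes['node'])) {
    if ($arrNode = $ogArticleTree->getNodeInfo($attributes['node'])) {
        // The statement is built by concatenation, so the ID is forced to an
        // integer before it is placed in the SQL text. It was inserted as-is
        // before; the value is read from the tree storage, not the request,
        // but nothing here guarantees it is numeric.
        $sql = "DELETE FROM " . $fusebox['tableArticles'] . " WHERE id_token = " . intval($arrNode['data_id']);
        // Tree nodes are removed only after the row delete succeeded. A failure
        // of either step is silent: no warning is raised.
        if ($oDB->query($sql) && $ogArticleTree->removeNodes($attributes['node'])) {
            _message("MArticleRemoved", "Article removed");
        }
    } else {
        _error("EArticleNodeNotExists", "Article node not exists");
    }
} else {
    _error("ENoArticleNodeGiven", "No article node given");
}

_xfa($myself . "admin.showArticlesTree");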
<?php
// Public fuse: resets the password of the account named by 'fLogin' and moves
// on to the confirmation page. The new password is left in
// $strNewUserPassword for code outside this file.
// NOTE(review): the reset happens as soon as a login name is submitted; no
// proof of account ownership is visible here, so anyone who knows a login can
// invalidate that user's current password. Confirm how the new password is
// delivered, and consider a confirmation-link flow.
// NOTE(review): the "no such user" warning tells a client which logins exist.
$tmpUser = false;

if (empty($attributes['fLogin'])) {
    _error("EWrongFormSubmitted", "Wrong form submitted");
} elseif ($tmpUser = $oUserManager->getUser($attributes['fLogin'])) {
    // The login written to the log is the stored one, not the submitted text.
    _log("Changing password for user " . $tmpUser->getLogin());
    $strNewUserPassword = $oUserManager->resetPassword($tmpUser->getLogin());
} else {
    _warning("WNoSuchUser", "No user with such login exists");
}

_xfa($myself . "home.showPasswordRecoverConfirmation");
<?php
// Admin fuse: stores SEO content for one token of a page, one value per
// language, taken from the form fields "content_<languageID>".
// NOTE(review): the final redirect reads 'fuseactionid' unconditionally and
// appends it unencoded, even on the branch where it is missing or not numeric.
if (!isset($attributes['fuseactionid']) || !is_numeric($attributes['fuseactionid'])) {
    _error("ENoFuseactionGiven", "No page is given");
} elseif (empty($attributes['token'])) {
    _error("ENoSEOTokenGiven", "No SEO token is given");
} else {
    $arrLanguages = $oLanguageManager->getLanguages();
    foreach ($arrLanguages as $l) {
        $tmpFormFieldName = 'content_' . $l->getID();
        // Languages without a submitted field are left untouched.
        if (!isset($attributes[$tmpFormFieldName])) {
            continue;
        }
        // Entities are decoded before storage, so the stored text can contain
        // raw markup. NOTE(review): confirm it is escaped on output.
        $strContent = html_entity_decode($attributes[$tmpFormFieldName], ENT_COMPAT, $l->getEncoding());
        // NOTE(review): html_entity_decode() is documented to return a string,
        // so the conversion-failure branch looks unreachable - confirm.
        if ($strContent === false) {
            _warning("WSEOContentCannotBeConverted", "SEO content cannot be converted to " . $l->getEncoding());
        } elseif (!$oSEOContentManager->pushContent($attributes['fuseactionid'], $l->getID(), $attributes['token'], $strContent)) {
            _warning("WSEOContentNotStored", "Something happened while storing SEO content");
        }
    }
}

_xfa($myself . "admin.showFuseactionSEOTokens&id=" . $attributes['fuseactionid']);
<?php
// Admin fuse: removes one user (numeric 'id') or several (array 'id') together
// with their group memberships, then always returns to the user list.
// NOTE(review): no anti-CSRF token check is visible in this script - confirm
// the framework enforces one for this delete action.
// NOTE(review): array elements are logged and passed on as received; confirm
// the managers validate them and that _log() neutralises CR/LF.
if (empty($attributes['id'])) {
    _error("ENoUserGiven", "No user given");
} elseif (is_numeric($attributes['id'])) {
    _log("Removing user with ID " . $attributes['id']);
    // Memberships are dropped first; the user row is removed only if that worked.
    if ($oSecurityManager->killUsersGroups($attributes['id']) && $oUserManager->removeUsersByID($attributes['id'])) {
        _message("MUserRemoved", "User removed successfully");
    } else {
        _warning("WNoSuchUser", "No user with such ID found");
    }
} elseif (is_array($attributes['id'])) {
    _log("Removing users with IDs " . implode(", ", $attributes['id']));
    // Bulk removal: a failure raises no warning.
    if ($oSecurityManager->killUsersGroups($attributes['id']) && $oUserManager->removeUsersByID($attributes['id'])) {
        _message("MUsersRemoved", "Users removed successfully");
    }
} else {
    _error("EInvalidUserID", "Invalid user ID");
}

_xfa("{$myself}admin.showUsers");