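/**
 * Logs the current user out (if any) and redirects to the site root.
 *
 * Access is gated by securePage(); the request is terminated when the
 * check fails. The method always ends the request after sending a
 * Location header.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $loggedInUser;
    $baseURL = getcwd();
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    //Log the user out
    if (isUserLoggedIn()) {
        $loggedInUser->userLogOut($this);
    }

    $s_u = site_url();
    if (!empty($s_u)) {
        $target = str_replace('.php', '', $s_u);
        // Prepend a scheme only when the URL has none. The previous test looked
        // for "http://" alone, so an "https://" site URL was turned into
        // "http://https://..." and the redirect was broken (and downgraded).
        if (!preg_match('#^https?://#i', $target)) {
            $target = "http://" . $target;
        }
        header("Location: " . $target);
        die;
    }

    // NOTE(review): HTTP_HOST is taken from the request's Host header, i.e. it is
    // client-controlled. Prefer a configured base URL here; behaviour is left
    // unchanged because no trusted alternative is visible in this method.
    header("Location: http://" . $_SERVER['HTTP_HOST']);
    die;
}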
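/**
 * Admin "Pages" screen: synchronises the pages table with the page files on
 * disk, then renders the list of pages with their public/private state.
 *
 * Pages found on disk but not in the DB are created; DB rows without a
 * matching file are deleted. All values echoed into the HTML are escaped.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    $pages = getPageFiles(); //Retrieve list of pages in root usercake folder
    $dbpages = fetchAllPages(); //Retrieve list of pages in pages table
    $creations = array();
    $deletions = array();

    //Check if any pages exist which are not in DB
    foreach ($pages as $page) {
        $bareName = str_replace(".php", "", $page);
        if (!isset($dbpages[$bareName])) {
            $creations[] = $bareName;
        }
    }

    //Enter new pages in DB if found
    if (count($creations) > 0) {
        createPages($creations);
    }

    if (count($dbpages) > 0) {
        //Check if DB contains pages that don't exist
        // presumably getPageFiles() returns an array keyed by file name; verify against the helper
        foreach ($dbpages as $page) {
            if (!isset($pages[$page['page'] . '.php'])) {
                $deletions[] = $page['id'];
            }
        }
    }

    //Delete pages from DB if not found
    if (count($deletions) > 0) {
        deletePages($deletions);
    }

    //Update DB pages
    $dbpages = fetchAllPages();

    // PHP_SELF includes any extra path info sent by the client, so it must be
    // escaped before it is placed inside the form's action attribute.
    $selfUrl = htmlspecialchars((string) $_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Pages</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    // NOTE(review): no anti-CSRF token is visible in this form — confirm one is enforced elsewhere.
    echo "\r\n</div>\r\n<div id='main'>\r\n<form name='adminPages' action='" . $selfUrl . "' method='post'>\r\n<table class='admin'>\r\n<tr><th>Delete</th><th>Id</th><th>Page</th><th>Access</th></tr>";

    //Display list of pages
    foreach ($dbpages as $page) {
        // Page names originate from file names / admin input; escape for HTML and attribute context.
        $pageId = htmlspecialchars((string) $page['id'], ENT_QUOTES, 'UTF-8');
        $pageLabel = htmlspecialchars((string) $page['page'], ENT_QUOTES, 'UTF-8');
        echo "\r\n\t<tr>\r\n\t<td><input type='checkbox' name='delete[" . $pageId . "]' id='delete[" . $pageId . "]' value='" . $pageId . "'></td>\r\n\t<td>\r\n\t" . $pageId . "\r\n\t</td>\r\n\t<td>\r\n\t<a href ='" . str_replace('index.php/', '', site_url('admin_page')) . "?id=" . $pageId . "'>" . $pageLabel . "</a>\r\n\t</td>\r\n\t<td>";

        //Show public/private setting of page
        if ($page['private'] == 0) {
            echo "Public";
        } else {
            echo "Private";
        }
        echo "\r\n\t</td>\r\n\t</tr>";
    }

    echo "\r\n</table>\r\n<input type = 'submit' value = 'Submit'/>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n<div id = 'createNewPage'>\r\n<a href ='" . str_replace('index.php/', '', site_url('new_page')) . "'>Add Page</a>\r\n</div>\r\n</body>\r\n</html>";
}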
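/**
 * Admin "Permissions" screen: handles deletion and creation of permission
 * levels from the posted form, then renders the list of permission levels.
 *
 * Permission names are admin-supplied free text (only length-checked here),
 * so they are HTML-escaped when rendered.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    $baseURL = getcwd();
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // Make sure both message lists exist before they are appended to or passed
    // to resultBlock(); values possibly set by config.php are kept.
    if (!isset($errors)) {
        $errors = array();
    }
    if (!isset($successes)) {
        $successes = array();
    }

    //Forms posted
    // NOTE(review): no anti-CSRF token is checked here — confirm one is enforced elsewhere.
    if (!empty($_POST)) {
        if (!empty($_POST['delete']) || !empty($_POST['newPermission'])) {
            //Delete permission levels
            if (!empty($_POST['delete'])) {
                $deletions = $_POST['delete'];
                if ($deletion_count = deletePermission($deletions)) {
                    $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));
                }
            }

            //Create new permission level
            if (!empty($_POST['newPermission'])) {
                $permission = trim($_POST['newPermission']);

                //Validate request
                if (permissionNameExists($permission)) {
                    $errors[] = lang("PERMISSION_NAME_IN_USE", array($permission));
                } elseif (minMaxRange(1, 50, $permission)) {
                    $errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50));
                } else {
                    if (createPermission($permission)) {
                        $successes[] = lang("PERMISSION_CREATION_SUCCESSFUL", array($permission));
                    } else {
                        $errors[] = lang("SQL_ERROR");
                    }
                }
            }
        } else {
            $errors[] = lang("NO_PERMISSION_SELECTED");
        }
    }

    $permissionData = fetchAllPermissions(); //Retrieve list of all permission levels

    // PHP_SELF can carry client-supplied path info; escape it for the action attribute.
    $selfUrl = htmlspecialchars((string) $_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Permissions</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    echo "\r\n</div>\r\n<div id='main'>";
    echo resultBlock($errors, $successes);
    echo "\r\n<form name='adminPermissions' action='" . $selfUrl . "' method='post'>\r\n<table class='admin'>\r\n<tr>\r\n<th>Delete</th><th>Permission Name</th>\r\n</tr>";

    //List each permission level
    foreach ($permissionData as $v1) {
        $permId = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
        $permName = htmlspecialchars((string) $v1['name'], ENT_QUOTES, 'UTF-8');
        echo "\r\n\t<tr>\r\n\t<td><input type='checkbox' name='delete[" . $permId . "]' id='delete[" . $permId . "]' value='" . $permId . "'></td>\r\n\t<td><a href='" . str_replace('index.php/', '', site_url('admin_permission')) . "?id=" . $permId . "'>" . $permName . "</a></td>\r\n\t</tr>";
    }

    echo "\r\n</table>\r\n<p>\r\n<label>Permission Name:</label>\r\n<input type='text' name='newPermission' />\r\n</p> \r\n<input type='submit' name='Submit' value='Submit' />\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}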
/**
 * Renders the 'index' view once the page-access check has passed.
 *
 * The request is terminated without output when securePage() refuses access.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;

    // Configuration is loaded relative to the global base path.
    $configFile = "{$baseURL}/application/third_party/user_cake/models/config.php";
    require_once $configFile;

    // Access gate: stop immediately when the current script is not permitted.
    $mayView = securePage($_SERVER['PHP_SELF']);
    if (!$mayView) {
        exit;
    }

    $this->load->view('index');
}
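/**
 * Admin "Users" screen: deletes the users selected in the posted form and
 * renders the table of all users.
 *
 * User-controlled profile fields (user name, display name, title) are
 * HTML-escaped before being written into the page.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    $baseURL = getcwd();
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // Make sure both message lists exist before they are appended to or passed
    // to resultBlock(); values possibly set by config.php are kept.
    if (!isset($errors)) {
        $errors = array();
    }
    if (!isset($successes)) {
        $successes = array();
    }

    //Forms posted
    // NOTE(review): a destructive action without a visible anti-CSRF token — confirm one is enforced elsewhere.
    if (!empty($_POST)) {
        if (!empty($_POST['delete'])) {
            $deletions = $_POST['delete'];
            if ($deletion_count = deleteUsers($deletions)) {
                $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));
            } else {
                $errors[] = lang("SQL_ERROR");
            }
        } else {
            $errors[] = lang("NO_SELECTION_TO_DELETE_USER");
        }
    }

    $userData = fetchAllUsers(); //Fetch information for all users

    // PHP_SELF can carry client-supplied path info; escape it for the action attribute.
    $selfUrl = htmlspecialchars((string) $_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Users</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    echo "\r\n</div>\r\n<div id='main'>";
    echo resultBlock($errors, $successes);
    echo "\r\n<form name='adminUsers' action='" . $selfUrl . "' method='post'>\r\n<table class='admin'>\r\n<tr>\r\n<th>Delete</th><th>Username</th><th>Display Name</th><th>Title</th><th>Last Sign In</th>\r\n</tr>";

    //Cycle through users
    foreach ($userData as $v1) {
        // Stored profile values are rendered in an administrator's browser:
        // escape every one of them for HTML / attribute context.
        $userId = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
        $userName = htmlspecialchars((string) $v1['user_name'], ENT_QUOTES, 'UTF-8');
        $displayName = htmlspecialchars((string) $v1['display_name'], ENT_QUOTES, 'UTF-8');
        $title = htmlspecialchars((string) $v1['title'], ENT_QUOTES, 'UTF-8');

        echo "\r\n\t<tr>\r\n\t<td><input type='checkbox' name='delete[" . $userId . "]' id='delete[" . $userId . "]' value='" . $userId . "'></td>\r\n\t<td><a href='" . str_replace('index.php/', '', site_url('admin_user')) . "?id=" . $userId . "'>" . $userName . "</a></td>\r\n\t<td>" . $displayName . "</td>\r\n\t<td>" . $title . "</td>\r\n\t<td>\r\n\t";

        //Interpret last login
        if ($v1['last_sign_in_stamp'] == '0') {
            echo "Never";
        } else {
            echo date("j M, Y", $v1['last_sign_in_stamp']);
        }
        echo "\r\n\t</td>\r\n\t</tr>";
    }

    echo "\r\n</table>\r\n<input type='submit' name='Submit' value='Delete' />\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}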
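/**
 * Registration page: validates the posted sign-up form (captcha, user name,
 * display name, password, e-mail), creates the account, then issues a fresh
 * captcha and renders the 'register' view.
 *
 * Already-authenticated users are redirected to the account page.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    //Prevent the user visiting the logged in page if he/she is already logged in
    if (isUserLoggedIn()) {
        header("Location: " . str_replace('index.php/', '', site_url('account')));
        die;
    }

    //Forms posted
    if (!empty($_POST)) {
        $errors = array();
        $successes = array();

        // Read each field as a string; a missing or array-valued field is treated as
        // empty so that trim()/md5() never receive a non-string from the client.
        $posted = array();
        foreach (array("email", "username", "displayname", "password", "passwordc", "captcha") as $field) {
            $posted[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
        }

        $email = trim($posted["email"]);
        $username = trim($posted["username"]);
        $displayname = trim($posted["displayname"]);
        $password = trim($posted["password"]);
        $confirm_pass = trim($posted["passwordc"]);
        $captcha = md5($posted["captcha"]);

        // Strict string comparison: with the loose `!=` operator two different
        // hex digests that both look like numbers (e.g. "0e…") compare as equal.
        if (strtolower($captcha) !== strtolower((string) $this->session->userdata('security_code'))) {
            $errors[] = lang("CAPTCHA_FAIL");
        } else {
            $this->session->unset_userdata('security_code');
        }

        if (minMaxRange(5, 25, $username)) {
            $errors[] = lang("ACCOUNT_USER_CHAR_LIMIT", array(5, 25));
        }
        if (!ctype_alnum($username)) {
            $errors[] = lang("ACCOUNT_USER_INVALID_CHARACTERS");
        }
        if (minMaxRange(5, 25, $displayname)) {
            $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(5, 25));
        }
        if (!ctype_alnum($displayname)) {
            $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
        }
        if (minMaxRange(8, 50, $password) && minMaxRange(8, 50, $confirm_pass)) {
            $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT", array(8, 50));
        } else {
            // Strict comparison: numeric-looking passwords such as "00001000" and
            // "1000.000" are equal under `!=` and would pass the confirmation check.
            if ($password !== $confirm_pass) {
                $errors[] = lang("ACCOUNT_PASS_MISMATCH");
            }
        }
        if (!isValidEmail($email)) {
            $errors[] = lang("ACCOUNT_INVALID_EMAIL");
        }

        //End data validation
        if (count($errors) == 0) {
            //Construct a user object
            $user = new User($username, $displayname, $password, $email);

            //Checking this flag tells us whether there were any errors such as possible data duplication
            if (!$user->status) {
                if ($user->username_taken) {
                    $errors[] = lang("ACCOUNT_USERNAME_IN_USE", array($username));
                }
                if ($user->displayname_taken) {
                    $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE", array($displayname));
                }
                if ($user->email_taken) {
                    $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
                }
            } else {
                //Attempt to add the user to the database, carry out finishing tasks like emailing the user (if required)
                if (!$user->userCakeAddUser()) {
                    if ($user->mail_failure) {
                        $errors[] = lang("MAIL_ERROR");
                    }
                    if ($user->sql_failure) {
                        $errors[] = lang("SQL_ERROR");
                    }
                }
            }
        }

        if (count($errors) == 0) {
            $successes[] = $user->success;
        }
    }

    // A new captcha is generated for every render; only its MD5 digest is kept in the session.
    $vals = array(
        'img_path' => './captcha/',
        'img_url' => str_replace("index.php", "", site_url()) . '/captcha/',
        'img_width' => '150',
        'img_height' => 30,
        'expiration' => 7200,
    );
    $cap = create_captcha($vals);
    $this->session->set_userdata("security_code", md5($cap['word']));
    $this->load->view('register', array("cap" => $cap));
}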
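/**
 * "Resend activation e-mail" page.
 *
 * When e-mail activation is enabled and the form is posted, validates the
 * e-mail / user name pair, enforces the resend threshold, stores a new
 * activation token and mails the activation link. Finally renders the
 * 'resend_activation' view (or redirects logged-in users to the account page).
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    $baseURL = getcwd();
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // $errors was appended to and then passed to count() without ever being
    // initialised, which fails when no validation error occurred. Values that
    // config.php may already have set are kept.
    if (!isset($errors)) {
        $errors = array();
    }
    if (!isset($successes)) {
        $successes = array();
    }

    //Forms posted
    // presumably $emailActivation, $resend_activation_threshold, $websiteUrl and
    // $websiteName are defined by config.php in this scope — verify.
    if (!empty($_POST) && $emailActivation) {
        $email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
        $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";

        //Perform some validation
        //Feel free to edit / change as required
        // NOTE(review): the distinct "invalid e-mail" / "invalid user name" messages let a
        // visitor learn which accounts exist; consider a single generic response.
        if (trim($email) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
        } else {
            if (!isValidEmail($email) || !emailExists($email)) {
                $errors[] = lang("ACCOUNT_INVALID_EMAIL");
            }
        }

        if (trim($username) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
        } else {
            if (!usernameExists($username)) {
                $errors[] = lang("ACCOUNT_INVALID_USERNAME");
            }
        }

        if (count($errors) == 0) {
            //Check that the username / email are associated to the same account
            if (!emailUsernameLinked($email, $username)) {
                $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
            } else {
                $userdetails = fetchUserDetails($username);

                //See if the user's account is already active
                if ($userdetails["active"] == 1) {
                    $errors[] = lang("ACCOUNT_ALREADY_ACTIVE");
                } else {
                    if ($resend_activation_threshold == 0) {
                        $hours_diff = 0;
                    } else {
                        $last_request = $userdetails["last_activation_request"];
                        // NOTE(review): the elapsed time is divided by (3600 * threshold) and the
                        // result is then compared with the threshold again, so the wait enforced
                        // is longer than "threshold hours". Left unchanged because altering it
                        // would loosen the throttle — confirm the intended window.
                        $hours_diff = round((time() - $last_request) / (3600 * $resend_activation_threshold), 0);
                    }

                    if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) {
                        $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold));
                    } else {
                        //For security create a new activation url;
                        $new_activation_token = generateActivationToken();

                        if (!updateLastActivationRequest($new_activation_token, $username, $email)) {
                            $errors[] = lang("SQL_ERROR");
                        } else {
                            $mail = new userCakeMail();
                            $activation_url = $websiteUrl . "activate-account.php?token=" . $new_activation_token;

                            //Setup our custom hooks
                            $hooks = array(
                                "searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"),
                                "subjectStrs" => array($activation_url, $userdetails["display_name"]),
                            );

                            if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) {
                                $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                            } else {
                                if (!$mail->sendMail($userdetails["email"], "Activate your " . $websiteName . " Account")) {
                                    $errors[] = lang("MAIL_ERROR");
                                } else {
                                    //Success, user details have been updated in the db now mail this information out.
                                    $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    //Prevent the user visiting the logged in page if he/she is already logged in
    if (isUserLoggedIn()) {
        header("Location: " . str_replace('index.php/', '', site_url('account')));
        die;
    }

    $this->load->view('resend_activation');
}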
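/**
 * Admin "New Page" screen: generates a controller file and a view file for a
 * new page, registers the page in the pages table and renders the form.
 *
 * Security-relevant behaviour:
 *  - the page name is validated (letters, digits, single underscores) and ONLY
 *    the validated name is used for file paths and inside generated PHP source;
 *  - the free-text comment and the author's display name are written inside a
 *    PHP block comment in the generated controller, so the comment terminator
 *    is neutralised before they are embedded;
 *  - the page is registered in the DB only when both files were written.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL, $loggedInUser, $errors, $success;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // Both lists are passed to resultBlock() below; make sure they exist.
    if (!isset($errors)) {
        $errors = array();
    }
    if (!isset($successes)) {
        $successes = array();
    }

    //Forms posted
    // NOTE(review): this request writes executable PHP files; no anti-CSRF token is
    // visible here — confirm one is enforced elsewhere.
    if (!empty($_POST)) {
        $pageName = (isset($_POST['pageName']) && is_string($_POST['pageName'])) ? $_POST['pageName'] : '';
        $pageNameWithoutExt = str_replace(".php", "", $pageName);

        $defaultPages = fetchAllPages();
        $pageCheck = false;
        foreach ($defaultPages as $indPage) {
            if ((string) $indPage['page'] === $pageNameWithoutExt) {
                $pageCheck = true;
            }
        }

        // The D modifier makes `$` match only at the very end of the string, so a
        // trailing newline is rejected as well.
        if (preg_match('/^[A-Za-z][A-Za-z0-9]*(?:_[A-Za-z0-9]+)*$/D', $pageNameWithoutExt) && !$pageCheck) {
            // Previously the raw posted name (not the validated one) was used for the
            // file names and inside the generated source. Use the validated name only.
            $safeName = $pageNameWithoutExt;

            $comment = (isset($_POST['pageComment']) && is_string($_POST['pageComment'])) ? $_POST['pageComment'] : '';
            // These two values end up inside /* ... */ in a generated .php file. Break up
            // any comment terminator so the text cannot leave the comment.
            $safeComment = str_replace('*/', '* /', $comment);
            $safeAuthor = str_replace('*/', '* /', (string) $loggedInUser->displayname);

            // Foo_bar style class name: capitalise each underscore-separated word.
            $className = implode('_', array_map('ucfirst', explode('_', $safeName)));

            $controllerSource = implode("\n", array(
                '<?php',
                '/* This pase was created by ' . $safeAuthor . ' at "' . date("Y m d H-i-s") . '". */',
                '/* ' . $safeComment . ' */',
                'class ' . $className . ' extends CI_Controller{',
                '    public function __construct(){',
                '        parent::__construct();',
                '        global $baseURL;',
                '        $baseURL = getcwd();',
                '        // File requires to check logged in user information.',
                '        require_once("$baseURL/application/third_party/user_cake/models/class.user.php");',
                '        // Basic helper and libraries',
                '        $this->load->helper();',
                '        $this->load->library("session");',
                '    }',
                '    public function index(){',
                '        global $baseURL;',
                '        // Require config file',
                '        require_once("$baseURL/application/third_party/user_cake/models/config.php");',
                '        // Write your code after this line',
                '        // Code ends here',
                '        // index function',
                '        $this->load->view("' . $safeName . '");',
                '    }',
                '}',
                '?>',
            ));

            $viewSource = implode("\n", array(
                '<?php',
                'global $baseURL;',
                'require_once("$baseURL/application/third_party/user_cake/models/header.php");',
                '?>',
                '<!DOCTYPE html PUBLIC \'-//W3C//DTD XHTML 1.0 Transitional//EN\' \'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\'>',
                '<html xmlns=\'http://www.w3.org/1999/xhtml\'>',
                '<head>',
                '<meta http-equiv=\'Content-Type\' content=\'text/html; charset=utf-8\' />',
                '<title>' . $safeName . '</title>',
                '</head>',
                '<body>',
                '<div id="wrapper">',
                '<div id="top"><div id="logo"></div></div>',
                '<div id="content">',
                '<h1>UserCake (Via CupCake)</h1>',
                '<h2>Account</h2>',
                '<div id="left-nav">',
                '<?php include("$baseURL/application/third_party/user_cake/left-nav.php"); ?>',
                '</div>',
                '<div id="main">',
                '</div>',
                '<div id="bottom"></div>',
                '</div>',
                '</body>',
                '</html>',
            ));

            $controllerWritten = file_put_contents("{$baseURL}/application/controllers/{$safeName}.php", $controllerSource);
            $viewWritten = file_put_contents("{$baseURL}/application/views/{$safeName}.php", $viewSource);

            if ($controllerWritten === false || $viewWritten === false) {
                // Do not register a page whose files could not be written.
                // NOTE(review): no dedicated language key for a write failure is visible
                // here, so the generic validation message is reused.
                $errors[] = lang("PAGE_VALIDATION_ERROR");
            } else {
                createPages(array($safeName));
                $successes[] = lang("PAGE_CREATED_SUCCESSFULLY", array($baseURL, $safeName));
            }
        } else {
            if ($pageCheck) {
                $errors[] = lang("USER_CREATED_PAGE_EXIST");
            } else {
                $errors[] = lang("PAGE_VALIDATION_ERROR");
            }
        }
    }

    // PHP_SELF can carry client-supplied path info; escape it for the action attribute.
    $selfUrl = htmlspecialchars((string) $_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Page</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    echo "\r\n</div>\r\n<div id='main'>";
    echo resultBlock($errors, $successes);
    echo "\r\n<form name='newPage' action='" . $selfUrl . "' method='post'>\r\n<input type='hidden' name='process' value='1'>\r\n<table class='admin'>\r\n<tr><td>\r\n<h3>Add New Page</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>New Page Name:</label>\r\n<input type = 'text' name = 'pageName' id = 'pageName'><br/>\r\n(only underscore '_' is allowed as special character.)<br/>\r\n<label>Write your comment:</label><textarea rows = '5' cols = '30' name = 'pageComment' id = 'pageComment'></textarea><br/>\r\n<div>( This is only for documentation purpose. )</div>";
    echo "<input type='submit' value='Create' class='submit'/>\r\n</p>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}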
<?php
// Logout endpoint: checks page access, ends the current session (if any) and
// sends the browser back to the site root.
require_once "../models/config.php";

$accessGranted = securePage(__FILE__);
if (!$accessGranted) {
    // Forward to index page
    addAlert("danger", "Whoops, looks like you don't have permission to view that page.");
    header("Location: 404.php");
    die;
}

// Remember this script as the referral page.
$thisDocument = getAbsoluteDocumentPath(__FILE__);
setReferralPage($thisDocument);

//Log the user out
if (isUserLoggedIn()) {
    $loggedInUser->userLogOut();
}

// Forward to index root page
header("Location: " . SITE_ROOT);
exit;
?>
index.php ------------ product : PHP Invoice version : 1.0 build 1 (Beta) released : Sunday September 7 2003 copyright : Copyright © 2001-2009 Jeremy Hubert email : support@illanti.com website : http://www.illanti.com The starting point for the software. Login page. DO NOT EDIT unless you know what you are doing. ***************************************************************************/ define('SITE_ROOT', './'); require_once SITE_ROOT . 'includes/common.php'; securePage('none'); $tpl_main_file = 'login_framework.tpl'; $tpl =& new TemplateSystem(); if (isset($_POST['btnSubmit'])) { if ($_POST['email'] != '') { $method = 'email'; $value = $_POST['email']; } elseif ($_POST['username'] != '') { $method = 'username'; $value = $_POST['username']; } $client = $ISL->recoverPassword($method, $value); if (is_array($client)) { $e = new Emailer(); $e->setMainFile('forms/email_forgotpass.tpl'); $e->setFrom($SYSTEM['email']['from']);
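/**
 * "Forgot password" page. Handles three request types, then renders the
 * 'forgot_password' view:
 *  - GET ?confirm=<token>: generates a new random password, mails it to the
 *    account owner and stores its hash;
 *  - GET ?deny=<token>: clears the outstanding lost-password request;
 *  - POST (email + username): mails confirm/deny links and flags the account
 *    as having an outstanding request.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    $baseURL = getcwd();
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // $errors was passed to count() below without ever being initialised when no
    // error had been recorded. Values possibly set by config.php are kept.
    if (!isset($errors)) {
        $errors = array();
    }
    if (!isset($successes)) {
        $successes = array();
    }

    //User has confirmed they want their password changed
    // NOTE(review): the password is replaced in response to a GET request, so anything
    // that fetches the link (mail scanners, link previews) triggers the reset.
    if (!empty($_GET["confirm"])) {
        $token = trim($_GET["confirm"]);

        if ($token == "" || !validateActivationToken($token, TRUE)) {
            $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
        } else {
            $rand_pass = getUniqueCode(15); //Get unique code
            $secure_pass = generateHash($rand_pass); //Generate random hash
            $userdetails = fetchUserDetails(NULL, $token); //Fetches user details
            $mail = new userCakeMail();

            //Setup our custom hooks
            $hooks = array(
                "searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"),
                "subjectStrs" => array($rand_pass, $userdetails["display_name"]),
            );

            if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/your-lost-password.txt", $hooks)) {
                $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
            } else {
                // The new password travels in clear text by e-mail and is only stored
                // after the mail was accepted for sending.
                if (!$mail->sendMail($userdetails["email"], "Your new password")) {
                    $errors[] = lang("MAIL_ERROR");
                } else {
                    if (!updatePasswordFromToken($secure_pass, $token)) {
                        $errors[] = lang("SQL_ERROR");
                    } else {
                        if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                            $errors[] = lang("SQL_ERROR");
                        } else {
                            $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");
                        }
                    }
                }
            }
        }
    }

    //User has denied this request
    if (!empty($_GET["deny"])) {
        $token = trim($_GET["deny"]);

        if ($token == "" || !validateActivationToken($token, TRUE)) {
            $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
        } else {
            $userdetails = fetchUserDetails(NULL, $token);

            if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                $errors[] = lang("SQL_ERROR");
            } else {
                $successes[] = lang("FORGOTPASS_REQUEST_CANNED");
            }
        }
    }

    //Forms posted
    if (!empty($_POST)) {
        // Missing or array-valued fields are treated as empty strings.
        $email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
        $username = sanitize((isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "");

        //Perform some validation
        //Feel free to edit / change as required
        // NOTE(review): separate messages for unknown e-mail and unknown user name let a
        // visitor learn which accounts exist; consider a single generic response.
        if (trim($email) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
        } else {
            if (!isValidEmail($email) || !emailExists($email)) {
                $errors[] = lang("ACCOUNT_INVALID_EMAIL");
            }
        }

        if (trim($username) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
        } else {
            if (!usernameExists($username)) {
                $errors[] = lang("ACCOUNT_INVALID_USERNAME");
            }
        }

        if (count($errors) == 0) {
            //Check that the username / email are associated to the same account
            if (!emailUsernameLinked($email, $username)) {
                $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
            } else {
                //Check if the user has any outstanding lost password requests
                $userdetails = fetchUserDetails($username);

                if ($userdetails["lost_password_request"] == 1) {
                    $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
                } else {
                    //Email the user asking to confirm this change password request
                    //We can use the template builder here
                    //We use the activation token again for the url key it gets regenerated everytime it's used.
                    // presumably $websiteUrl is defined by config.php in this scope — verify.
                    $mail = new userCakeMail();
                    $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"];
                    $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"];

                    //Setup our custom hooks
                    $hooks = array(
                        "searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"),
                        "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"]),
                    );

                    if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/lost-password-request.txt", $hooks)) {
                        $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                    } else {
                        if (!$mail->sendMail($userdetails["email"], "Lost password request")) {
                            $errors[] = lang("MAIL_ERROR");
                        } else {
                            //Update the DB to show this account has an outstanding request
                            if (!flagLostPasswordRequest($userdetails["user_name"], 1)) {
                                $errors[] = lang("SQL_ERROR");
                            } else {
                                $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
                            }
                        }
                    }
                }
            }
        }
    }

    $this->load->view('forgot_password');
}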
<?php require_once "models/config.php"; //for usercake if (!securePage(htmlspecialchars($_SERVER['PHP_SELF']))) { die; } //User has confirmed they want their password changed if (!empty($_GET["confirm"])) { $token = trim($_GET["confirm"]); if ($token == "" || !validateActivationToken($token, TRUE)) { $errors[] = lang("FORGOTPASS_INVALID_TOKEN"); } else { $rand_pass = getUniqueCode(15); //Get unique code $secure_pass = generateHash($rand_pass); //Generate random hash $userdetails = fetchUserDetails(NULL, $token); //Fetchs user details $mail = new userCakeMail(); //Setup our custom hooks $hooks = array("searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"), "subjectStrs" => array($rand_pass, $userdetails["display_name"])); if (!$mail->newTemplateMsg("your-lost-password.txt", $hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if (!$mail->sendMail($userdetails["email"], "Your new password")) { $errors[] = lang("MAIL_ERROR"); } else { if (!updatePasswordFromToken($secure_pass, $token)) { $errors[] = lang("SQL_ERROR"); } else {
invoices.php ------------ product : PHP Invoice version : 1.0 build 1 (Beta) released : Sunday September 7 2003 copyright : Copyright © 2001-2009 Jeremy Hubert email : support@illanti.com website : http://www.illanti.com The main page for the invoice software. Lists all invoices in the db. DO NOT EDIT unless you know what you are doing. ***************************************************************************/ define('SITE_ROOT', '../'); require_once SITE_ROOT . 'includes/common.php'; securePage('client'); $tpl =& new TemplateSystem(); $tpl->set('page_title', $lang['pt_invoice_overview']); $tpl->set('SYSTEM', $SYSTEM); $invoices = $ISL->FetchInvoices(); $tpl->set('tbody', 'client/invoice_overview.tpl'); $count['total'] = count($invoices); foreach ($invoices as $inv) { $count[$inv['curr_status']]++; $totals[$inv['curr_status']]['cost'] += $inv['cost']; $totals[$inv['curr_status']]['tax'] += $inv['tax']; $totals[$inv['curr_status']]['tax2'] += $inv['tax2']; $totals[$inv['curr_status']]['total'] += $inv['cost'] + $inv['tax'] + $inv['tax2'] + $inv['shipping']; } $tpl->set('invoices', $invoices); $tpl->set('count', $count);
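/**
 * Login page: validates the posted credentials, stores a loggedInUser object
 * in the session on success and redirects to the account page; otherwise
 * renders the 'login' view.
 *
 * The password is verified before the activation state is reported, so the
 * "account inactive" message is only shown to someone who knows the password.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    //Prevent the user visiting the logged in page if he/she is already logged in
    if (isUserLoggedIn()) {
        header("Location: " . str_replace('index.php/', '', site_url('account')));
        die;
    }

    //Forms posted
    if (!empty($_POST)) {
        global $errors;
        $errors = array();

        // Missing or array-valued fields are treated as empty strings.
        $rawUser = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
        $rawPass = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
        $username = sanitize(trim($rawUser));
        $password = trim($rawPass);

        //Perform some validation
        //Feel free to edit / change as required
        if ($username == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
        }
        if ($password == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
        }

        if (count($errors) == 0) {
            //A security note here, never tell the user which credential was incorrect
            if (!usernameExists($username)) {
                $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
            } else {
                $userdetails = fetchUserDetails($username);

                //Hash the password and use the salt from the database to compare the password.
                $stored_pass = (string) $userdetails["password"];
                $entered_pass = (string) generateHash($password, $userdetails["password"]);

                // Compare the digests as strings. The loose `!=` operator treats two
                // different numeric-looking hex strings (e.g. "0e…") as equal; use a
                // constant-time comparison where the runtime provides one.
                $passwordMatches = function_exists('hash_equals')
                    ? hash_equals($stored_pass, $entered_pass)
                    : ($stored_pass === $entered_pass);

                if (!$passwordMatches) {
                    //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
                    $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
                } elseif ($userdetails["active"] == 0) {
                    // Checked after the password so that the activation state of an
                    // account is not disclosed to someone who only knows the user name.
                    $errors[] = lang("ACCOUNT_INACTIVE");
                } else {
                    //Passwords match! we're good to go
                    //Construct a new logged in user object
                    //Transfer some db data to the session object
                    $loggedInUser = new loggedInUser();
                    $loggedInUser->email = $userdetails["email"];
                    $loggedInUser->user_id = $userdetails["id"];
                    $loggedInUser->hash_pw = $userdetails["password"];
                    $loggedInUser->title = $userdetails["title"];
                    $loggedInUser->displayname = $userdetails["display_name"];
                    $loggedInUser->username = $userdetails["user_name"];

                    //Update last sign in
                    $loggedInUser->updateLastSignIn();

                    // NOTE(review): the session identifier is not visibly regenerated at login,
                    // and the password hash is kept in the session object — confirm both against
                    // the session library configuration.
                    $this->session->set_userdata('userCakeUser', $loggedInUser);
                    // $_SESSION["userCakeUser"] = $loggedInUser;

                    //Redirect to user account page
                    header("Location: " . str_replace('index.php/', '', site_url('account')));
                    die;
                }
            }
        }
    }

    $this->load->view('login');
}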
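/**
 * Admin "Permission" detail screen for the permission level given by ?id=.
 *
 * Handles deletion of the level, renaming, and adding/removing members and
 * page access from the posted form, then renders the edit form. The id from
 * the query string and all stored names are escaped before being echoed.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // Both lists are passed to resultBlock() below; make sure they exist.
    if (!isset($errors)) {
        $errors = array();
    }
    if (!isset($successes)) {
        $successes = array();
    }

    $permissionId = isset($_GET['id']) ? $_GET['id'] : '';

    //Check if selected permission level exists
    if (!permissionIdExists($permissionId)) {
        header("Location: " . site_url('admin_permissions'));
        die;
    }

    $permissionDetails = fetchPermissionDetails($permissionId); //Fetch information specific to permission level

    //Forms posted
    // NOTE(review): no anti-CSRF token is checked here — confirm one is enforced elsewhere.
    if (!empty($_POST)) {
        //Delete selected permission level
        if (!empty($_POST['delete'])) {
            $deletions = $_POST['delete'];
            if ($deletion_count = deletePermission($deletions)) {
                $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));
                header("Location: " . site_url('admin_permissions'));
                // Stop here: the level no longer exists, so rendering its edit form
                // after the redirect header would work on missing data.
                die;
            } else {
                $errors[] = lang("SQL_ERROR");
            }
        } else {
            //Update permission level name
            if ($permissionDetails[0]['name'] != $_POST['name']) {
                $permission = trim($_POST['name']);

                //Validate new name
                if (permissionNameExists($permission)) {
                    $errors[] = lang("ACCOUNT_PERMISSIONNAME_IN_USE", array($permission));
                } elseif (minMaxRange(1, 50, $permission)) {
                    $errors[] = lang("ACCOUNT_PERMISSION_CHAR_LIMIT", array(1, 50));
                } else {
                    if (updatePermissionName($permissionId, $permission)) {
                        $successes[] = lang("PERMISSION_NAME_UPDATE", array($permission));
                    } else {
                        $errors[] = lang("SQL_ERROR");
                    }
                }
            }

            //Remove members from the permission level
            if (!empty($_POST['removePermission'])) {
                $remove = $_POST['removePermission'];
                if ($deletion_count = removePermission($permissionId, $remove)) {
                    $successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Add members to the permission level
            if (!empty($_POST['addPermission'])) {
                $add = $_POST['addPermission'];
                if ($addition_count = addPermission($permissionId, $add)) {
                    $successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Remove access to pages
            if (!empty($_POST['removePage'])) {
                $remove = $_POST['removePage'];
                if ($deletion_count = removePage($remove, $permissionId)) {
                    $successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Add access to pages
            if (!empty($_POST['addPage'])) {
                $add = $_POST['addPage'];
                if ($addition_count = addPage($add, $permissionId)) {
                    $successes[] = lang("PERMISSION_ADD_PAGES", array($addition_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            $permissionDetails = fetchPermissionDetails($permissionId);
        }
    }

    $pagePermissions = fetchPermissionPages($permissionId); //Retrieve list of accessible pages
    $permissionUsers = fetchPermissionUsers($permissionId); //Retrieve list of users with membership
    $userData = fetchAllUsers(); //Fetch all users
    $pageData = fetchAllPages(); //Fetch all pages

    // Escape everything that is echoed into the form. The id comes straight from the
    // query string; it passed permissionIdExists(), but that helper is not visible
    // here and may accept values that merely start with a valid number.
    $selfUrl = htmlspecialchars((string) $_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    $idParam = htmlspecialchars(is_string($permissionId) ? $permissionId : '', ENT_QUOTES, 'UTF-8');
    $detailId = htmlspecialchars((string) $permissionDetails[0]['id'], ENT_QUOTES, 'UTF-8');
    $detailName = htmlspecialchars((string) $permissionDetails[0]['name'], ENT_QUOTES, 'UTF-8');

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Permissions</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    echo "\r\n</div>\r\n<div id='main'>";
    echo resultBlock($errors, $successes);
    echo "\r\n<form name='adminPermission' action='" . $selfUrl . "?id=" . $idParam . "' method='post'>\r\n<table class='admin'>\r\n<tr><td>\r\n<h3>Permission Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n" . $detailId . "\r\n</p>\r\n<p>\r\n<label>Name:</label>\r\n<input type='text' name='name' value='" . $detailName . "' />\r\n</p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $detailId . "]' id='delete[" . $detailId . "]' value='" . $detailId . "'>\r\n</p>\r\n</div></td><td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>\r\nRemove Members:";

    //List users with permission level
    foreach ($userData as $v1) {
        if (isset($permissionUsers[$v1['id']])) {
            $uid = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
            $uname = htmlspecialchars((string) $v1['display_name'], ENT_QUOTES, 'UTF-8');
            echo "<br><input type='checkbox' name='removePermission[" . $uid . "]' id='removePermission[" . $uid . "]' value='" . $uid . "'> " . $uname;
        }
    }

    echo "\r\n</p><p>Add Members:";

    //List users without permission level
    foreach ($userData as $v1) {
        if (!isset($permissionUsers[$v1['id']])) {
            $uid = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
            $uname = htmlspecialchars((string) $v1['display_name'], ENT_QUOTES, 'UTF-8');
            echo "<br><input type='checkbox' name='addPermission[" . $uid . "]' id='addPermission[" . $uid . "]' value='" . $uid . "'> " . $uname;
        }
    }

    echo "\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Access</h3>\r\n<div id='regbox'>\r\n<p>\r\nPublic Access:";

    //List public pages
    foreach ($pageData as $v1) {
        if ($v1['private'] != 1) {
            echo "<br>" . htmlspecialchars((string) $v1['page'], ENT_QUOTES, 'UTF-8');
        }
    }

    echo "\r\n</p>\r\n<p>\r\nRemove Access:";

    //List pages accessible to permission level
    foreach ($pageData as $v1) {
        if (isset($pagePermissions[$v1['id']]) and $v1['private'] == 1) {
            $pid = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
            $pname = htmlspecialchars((string) $v1['page'], ENT_QUOTES, 'UTF-8');
            echo "<br><input type='checkbox' name='removePage[" . $pid . "]' id='removePage[" . $pid . "]' value='" . $pid . "'> " . $pname;
        }
    }

    echo "\r\n</p><p>Add Access:";

    //List pages inaccessible to permission level
    foreach ($pageData as $v1) {
        if (!isset($pagePermissions[$v1['id']]) and $v1['private'] == 1) {
            $pid = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
            $pname = htmlspecialchars((string) $v1['page'], ENT_QUOTES, 'UTF-8');
            echo "<br><input type='checkbox' name='addPage[" . $pid . "]' id='addPage[" . $pid . "]' value='" . $pid . "'> " . $pname;
        }
    }

    echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}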
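/**
 * Admin configuration page.
 *
 * Loads the UserCake configuration, stops unless securePage() approves the
 * request, validates and stores any posted settings, then renders the
 * configuration form.
 *
 * Posted values arrive in $_POST['settings'] keyed by the hard-coded setting
 * ids 1-7 used below. The current values ($websiteName, $websiteUrl,
 * $emailAddress, $emailActivation, $resend_activation_threshold, $language,
 * $template, $settings) are presumably defined by config.php in this scope;
 * verify against that file.
 *
 * NOTE(review): the form carries no anti-CSRF token, so this state-changing
 * POST relies entirely on securePage(). Add a per-session token check here
 * once the project has a helper for it.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    $baseURL = getcwd();
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";

    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // count() on an undefined variable is a TypeError on PHP 8; keep whatever
    // config.php may have set and default the rest to empty lists.
    if (!isset($errors) || !is_array($errors)) {
        $errors = array();
    }
    if (!isset($successes) || !is_array($successes)) {
        $successes = array();
    }

    // Fetched before validation so posted language/template paths can be
    // checked against the files the form actually offers.
    $languages = getLanguageFiles(); //Retrieve list of language files
    $templates = getTemplateFiles(); //Retrieve list of template files
    $knownLanguages = is_array($languages) ? $languages : array();
    $knownTemplates = is_array($templates) ? $templates : array();

    //Forms posted
    if (!empty($_POST)) {
        $cfgId = array();
        $cfgValue = array();

        // Normalise the posted settings: every id is present and is a string,
        // so a missing or array-valued field fails validation instead of
        // slipping through a loose comparison.
        $posted = (isset($_POST['settings']) && is_array($_POST['settings'])) ? $_POST['settings'] : array();
        $newSettings = array();
        for ($id = 1; $id <= 7; $id++) {
            $newSettings[$id] = (isset($posted[$id]) && is_string($posted[$id])) ? $posted[$id] : '';
        }

        // minMaxRange() is treated as "true means out of range", as the error
        // branches below imply.

        //Validate new site name
        if ($newSettings[1] != $websiteName) {
            $newWebsiteName = $newSettings[1];
            if (minMaxRange(1, 150, $newWebsiteName)) {
                $errors[] = lang("CONFIG_NAME_CHAR_LIMIT", array(1, 150));
            } elseif (count($errors) == 0) {
                $cfgId[] = 1;
                $cfgValue[1] = $newWebsiteName;
                $websiteName = $newWebsiteName;
            }
        }

        //Validate new URL
        if ($newSettings[2] != $websiteUrl) {
            $newWebsiteUrl = $newSettings[2];
            if (minMaxRange(1, 150, $newWebsiteUrl)) {
                $errors[] = lang("CONFIG_URL_CHAR_LIMIT", array(1, 150));
            } elseif (substr($newWebsiteUrl, -1) != "/") {
                $errors[] = lang("CONFIG_INVALID_URL_END");
            } elseif (count($errors) == 0) {
                $cfgId[] = 2;
                $cfgValue[2] = $newWebsiteUrl;
                $websiteUrl = $newWebsiteUrl;
            }
        }

        //Validate new site email address
        if ($newSettings[3] != $emailAddress) {
            $newEmail = $newSettings[3];
            if (minMaxRange(1, 150, $newEmail)) {
                $errors[] = lang("CONFIG_EMAIL_CHAR_LIMIT", array(1, 150));
            } elseif (!isValidEmail($newEmail)) {
                $errors[] = lang("CONFIG_EMAIL_INVALID");
            } elseif (count($errors) == 0) {
                $cfgId[] = 3;
                $cfgValue[3] = $newEmail;
                $emailAddress = $newEmail;
            }
        }

        //Validate email activation selection
        if ($newSettings[4] != $emailActivation) {
            $newActivation = $newSettings[4];
            if ($newActivation != "true" and $newActivation != "false") {
                $errors[] = lang("CONFIG_ACTIVATION_TRUE_FALSE");
            } elseif (count($errors) == 0) {
                $cfgId[] = 4;
                $cfgValue[4] = $newActivation;
                $emailActivation = $newActivation;
            }
        }

        //Validate new email activation resend threshold
        if ($newSettings[5] != $resend_activation_threshold) {
            $newResend_activation_threshold = $newSettings[5];
            // Non-numeric input used to pass the range comparison; reject it
            // with the same range message.
            if (!is_numeric($newResend_activation_threshold)
                or $newResend_activation_threshold > 72
                or $newResend_activation_threshold < 0
            ) {
                $errors[] = lang("CONFIG_ACTIVATION_RESEND_RANGE", array(0, 72));
            } elseif (count($errors) == 0) {
                $cfgId[] = 5;
                $cfgValue[5] = $newResend_activation_threshold;
                $resend_activation_threshold = $newResend_activation_threshold;
            }
        }

        //Validate new language selection
        if ($newSettings[6] != $language) {
            $newLanguage = $newSettings[6];
            // The length check previously inspected the current $language,
            // not the posted value. file_exists() alone accepted any path
            // that resolves under $baseURL (including an empty string, which
            // resolves to the directory itself), so the value must also be
            // one of the files returned by getLanguageFiles().
            // NOTE(review): the rejected value is handed to lang() and shown
            // via resultBlock(); confirm that output is HTML-escaped.
            if (minMaxRange(1, 150, $newLanguage)) {
                $errors[] = lang("CONFIG_LANGUAGE_CHAR_LIMIT", array(1, 150));
            } elseif (!in_array($newLanguage, $knownLanguages, true) or !file_exists($baseURL . $newLanguage)) {
                $errors[] = lang("CONFIG_LANGUAGE_INVALID", array($newLanguage));
            } elseif (count($errors) == 0) {
                $cfgId[] = 6;
                $cfgValue[6] = $newLanguage;
                $language = $newLanguage;
            }
        }

        //Validate new template selection
        if ($newSettings[7] != $template) {
            $newTemplate = $newSettings[7];
            // Same two fixes as for the language: check the posted value and
            // restrict it to the files returned by getTemplateFiles().
            if (minMaxRange(1, 150, $newTemplate)) {
                $errors[] = lang("CONFIG_TEMPLATE_CHAR_LIMIT", array(1, 150));
            } elseif (!in_array($newTemplate, $knownTemplates, true) or !file_exists($baseURL . $newTemplate)) {
                $errors[] = lang("CONFIG_TEMPLATE_INVALID", array($newTemplate));
            } elseif (count($errors) == 0) {
                $cfgId[] = 7;
                $cfgValue[7] = $newTemplate;
                $template = $newTemplate;
            }
        }

        //Update configuration table with new settings
        if (count($errors) == 0 and count($cfgId) > 0) {
            updateConfig($cfgId, $cfgValue);
            $successes[] = lang("CONFIG_UPDATE_SUCCESSFUL");
        }
    }

    $permissionData = fetchAllPermissions(); //Retrieve list of all permission levels

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Configuration</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    echo "\r\n</div>\r\n<div id='main'>";
    echo resultBlock($errors, $successes);

    // Everything interpolated into the markup is escaped for a single-quoted
    // HTML attribute. PHP_SELF is request-derived and the settings are
    // free text stored by this very form.
    $safeSelf = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    $safeName = htmlspecialchars((string) $websiteName, ENT_QUOTES, 'UTF-8');
    $safeUrl = htmlspecialchars((string) $websiteUrl, ENT_QUOTES, 'UTF-8');
    $safeEmail = htmlspecialchars((string) $emailAddress, ENT_QUOTES, 'UTF-8');
    $safeThreshold = htmlspecialchars((string) $resend_activation_threshold, ENT_QUOTES, 'UTF-8');

    echo "\r\n<div id='regbox'>\r\n<form name='adminConfiguration' action='" . $safeSelf . "' method='post'>"
        . "\r\n<p>\r\n<label>Website Name:</label>\r\n<input type='text' name='settings[" . $settings['website_name']['id'] . "]' value='" . $safeName . "' />\r\n</p>"
        . "\r\n<p>\r\n<label>Website URL:</label>\r\n<input type='text' name='settings[" . $settings['website_url']['id'] . "]' value='" . $safeUrl . "' />\r\n</p>"
        . "\r\n<p>\r\n<label>Email:</label>\r\n<input type='text' name='settings[" . $settings['email']['id'] . "]' value='" . $safeEmail . "' />\r\n</p>"
        . "\r\n<p>\r\n<label>Activation Threshold:</label>\r\n<input type='text' name='settings[" . $settings['resend_activation_threshold']['id'] . "]' value='" . $safeThreshold . "' />\r\n</p>"
        . "\r\n<p>\r\n<label>Language:</label>\r\n<select name='settings[" . $settings['language']['id'] . "]'>";

    //Display language options
    foreach ($knownLanguages as $optLang) {
        $safeLang = htmlspecialchars((string) $optLang, ENT_QUOTES, 'UTF-8');
        if ($optLang == $language) {
            echo "<option value='" . $safeLang . "' selected>{$safeLang}</option>";
        } else {
            echo "<option value='" . $safeLang . "'>{$safeLang}</option>";
        }
    }
    echo "\r\n</select>\r\n</p>\r\n<p>\r\n<label>Email Activation:</label>\r\n<select name='settings[" . $settings['activation']['id'] . "]'>";

    //Display email activation options
    if ($emailActivation == "true") {
        echo "\r\n\t<option value='true' selected>True</option>\r\n\t<option value='false'>False</option>\r\n\t</select>";
    } else {
        echo "\r\n\t<option value='true'>True</option>\r\n\t<option value='false' selected>False</option>\r\n\t</select>";
    }
    echo "</p>\r\n<p>\r\n<label>Template:</label>\r\n<select name='settings[" . $settings['template']['id'] . "]'>";

    //Display template options
    foreach ($knownTemplates as $temp) {
        $safeTemp = htmlspecialchars((string) $temp, ENT_QUOTES, 'UTF-8');
        if ($temp == $template) {
            echo "<option value='" . $safeTemp . "' selected>{$safeTemp}</option>";
        } else {
            echo "<option value='" . $safeTemp . "'>{$safeTemp}</option>";
        }
    }
    echo "\r\n</select>\r\n</p>\r\n<input type='submit' name='Submit' value='Submit' />\r\n</form>\r\n</div>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}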
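// Admin home
//
// Parameters:
//   none
//
//------------------------------------------------------------------------------------------

//PAGE VARIABLE
$path_to_dynamik = "../common/";

// include global constants
include $path_to_dynamik . "config.inc.php";

// include connection script
include $path_to_dynamik . "connect.inc.php";

// include login / access-control functions (presumably where securePage() lives; confirm)
include $path_to_dynamik . "login_access_fncs.inc.php";

//user must be logged-in to view this page
// NOTE(review): the access check runs before any request parameter is read;
// keep it ahead of every other include that acts on the request.
securePage();

// include no cache headers
include $path_to_dynamik . "no_cache.inc.php";

// include format functions
include $path_to_dynamik . "format_functions.inc.php";

// include DB fetch functions
include $path_to_dynamik . "db_fetch_fncs.inc.php";

// include DB operations functions
include $path_to_dynamik . "db_ops_fncs.inc.php";

// load type of items to display (online / offline)
// A missing or array-valued "type" parameter used to reach trim() directly;
// treat anything that is not a string as "not set".
$type = (isset($_GET["type"]) && is_string($_GET["type"])) ? trim($_GET["type"]) : "";

// make sure type is set
if ($type == "") {
    $type = "online";
}

// transform $type into $online (Y/N)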
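/**
 * Account settings page for the logged-in user.
 *
 * Stops unless securePage() approves the request, redirects anonymous
 * visitors to the login page, processes a posted e-mail and/or password
 * change, then loads the 'user_settings' view.
 *
 * Both changes require the current password: a wrong or empty password adds
 * an error, and neither update runs while $errors is non-empty.
 *
 * NOTE(review): $loggedInUser is not declared global in this method; it is
 * presumably defined by config.php in this scope. Confirm.
 * NOTE(review): $errors and $successes are not passed to the view here;
 * check how the view obtains them.
 * NOTE(review): the form handled here has no visible anti-CSRF token check.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    $baseURL = getcwd();
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";

    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    //Prevent the user visiting the logged in page if he is not logged in
    if (!isUserLoggedIn()) {
        header("Location: " . str_replace('index.php/', '', site_url('login')));
        die;
    }

    if (!empty($_POST)) {
        $errors = array();
        $successes = array();

        // Missing or array-valued fields become empty strings so they hit the
        // "please specify" branches instead of raising notices or type errors.
        $input = array();
        foreach (array("password", "passwordc", "passwordcheck", "email") as $field) {
            $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
        }
        $password = $input["password"];
        $password_new = $input["passwordc"];
        $password_confirm = $input["passwordcheck"];
        $email = $input["email"];

        //Perform some validation
        //Feel free to edit / change as required

        //Confirm the hashes match before updating a users password
        $entered_pass = generateHash($password, $loggedInUser->hash_pw);
        if (trim($password) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
        } elseif ($entered_pass !== $loggedInUser->hash_pw) {
            // Strict comparison: with != two different hashes that both look
            // like numbers (for example "0e..." strings) compare as equal.
            // NOTE(review): switch to hash_equals() where the runtime has it.
            $errors[] = lang("ACCOUNT_PASSWORD_INVALID");
        }

        if ($email != $loggedInUser->email) {
            if (trim($email) == "") {
                $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
            } elseif (!isValidEmail($email)) {
                $errors[] = lang("ACCOUNT_INVALID_EMAIL");
            } elseif (emailExists($email)) {
                $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
            }

            //End data validation
            if (count($errors) == 0) {
                $loggedInUser->updateEmail($email);
                $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
            }
        }

        if ($password_new != "" or $password_confirm != "") {
            if (trim($password_new) == "") {
                $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");
            } elseif (trim($password_confirm) == "") {
                $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");
            } elseif (minMaxRange(8, 50, $password_new)) {
                $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH", array(8, 50));
            } elseif ($password_new !== $password_confirm) {
                $errors[] = lang("ACCOUNT_PASS_MISMATCH");
            }

            //End data validation
            if (count($errors) == 0) {
                //Also prevent updating if someone attempts to update with the same password
                $entered_pass_new = generateHash($password_new, $loggedInUser->hash_pw);
                if ($entered_pass_new === $loggedInUser->hash_pw) {
                    //Don't update, the new password equals the current one
                    $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");
                } else {
                    //This function will create the new hash and update the hash_pw property.
                    $loggedInUser->updatePassword($password_new);
                    $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");
                }
            }
        }

        if (count($errors) == 0 and count($successes) == 0) {
            $errors[] = lang("NOTHING_TO_UPDATE");
        }
    }

    $this->load->view('user_settings');
}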
invoices.php ------------ product : PHP Invoice version : 1.0 build 1 (Beta) released : Sunday September 7 2003 copyright : Copyright © 2001-2009 Jeremy Hubert email : support@illanti.com website : http://www.illanti.com The main page for the invoice software. Lists all invoices in the db. DO NOT EDIT unless you know what you are doing. ***************************************************************************/ define('SITE_ROOT', '../'); require_once SITE_ROOT . 'includes/common.php'; securePage('admin'); $param = isset($_GET['param']) ? $_GET['param'] : 'invoice_num'; $invoiceID = isset($_GET['id']) ? $_GET['id'] : 0; $item = isset($_GET['item']) ? $_GET['item'] : 0; $value = isset($_GET['value']) ? $_GET['value'] : 0; $search = isset($_GET['search']) ? $_GET['search'] : 0; $page = isset($_GET['page']) ? $_GET['page'] : 0; $message = ''; $tpl =& new TemplateSystem(); $tpl->set('page_title', $lang['pt_invoices']); $tpl->set('SYSTEM', $SYSTEM); // Delete Selected Invoice if (isset($_GET['del']) && isset($_GET['id'])) { $inv = $ISL->FetchInvoiceDetails($_GET['id']); if ($inv['curr_status'] == 'unsent') { $ISL->DeleteInvoice($_GET['id'], false);
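/**
 * Admin page for a single user account.
 *
 * Stops unless securePage() approves the request, redirects to the user list
 * when the id in the query string does not exist, applies any posted change
 * (delete, display name, manual activation, e-mail, title, permission
 * membership) and renders the edit form.
 *
 * NOTE(review): the form has no anti-CSRF token, so account deletion and
 * permission changes rely entirely on securePage(). Add a per-session token
 * check once the project has a helper for it.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";

    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // count() / resultBlock() on undefined variables fails on PHP 8; keep
    // anything config.php set and default the rest to empty lists.
    if (!isset($errors) || !is_array($errors)) {
        $errors = array();
    }
    if (!isset($successes) || !is_array($successes)) {
        $successes = array();
    }

    // A missing or array-valued id becomes '' and is expected to fail the
    // existence check below (verify against userIdExists()).
    $userId = (isset($_GET['id']) && is_scalar($_GET['id'])) ? $_GET['id'] : '';

    //Check if selected user exists
    if (!userIdExists($userId)) {
        header("Location: " . str_replace('index.php/', '', site_url('admin_users')));
        die;
    }

    $userdetails = fetchUserDetails(NULL, NULL, $userId); //Fetch user details

    //Forms posted
    if (!empty($_POST)) {
        //Delete selected account
        if (!empty($_POST['delete'])) {
            $deletions = $_POST['delete'];
            if ($deletion_count = deleteUsers($deletions)) {
                $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));
            } else {
                $errors[] = lang("SQL_ERROR");
            }
        } else {
            // Text fields: anything missing or not a string is treated as ''
            // so it is rejected by validation rather than reaching trim().
            $postedDisplay = (isset($_POST['display']) && is_string($_POST['display'])) ? $_POST['display'] : '';
            $postedEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
            $postedTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';

            //Update display name
            if ($userdetails['display_name'] != $postedDisplay) {
                $displayname = trim($postedDisplay);

                //Validate display name
                if (displayNameExists($displayname)) {
                    $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE", array($displayname));
                } elseif (minMaxRange(5, 25, $displayname)) {
                    $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(5, 25));
                } elseif (!ctype_alnum($displayname)) {
                    $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
                } elseif (updateDisplayName($userId, $displayname)) {
                    $successes[] = lang("ACCOUNT_DISPLAYNAME_UPDATED", array($displayname));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            } else {
                $displayname = $userdetails['display_name'];
            }

            //Activate account
            if (isset($_POST['activate']) && $_POST['activate'] === "activate") {
                if (setUserActive($userdetails['activation_token'])) {
                    $successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Update email
            if ($userdetails['email'] != $postedEmail) {
                $email = trim($postedEmail);

                //Validate email
                if (!isValidEmail($email)) {
                    $errors[] = lang("ACCOUNT_INVALID_EMAIL");
                } elseif (emailExists($email)) {
                    $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
                } elseif (updateEmail($userId, $email)) {
                    $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Update title
            if ($userdetails['title'] != $postedTitle) {
                $title = trim($postedTitle);

                //Validate title
                // Only the length is checked, so the title is free text and
                // must be HTML-escaped wherever it is displayed.
                if (minMaxRange(1, 50, $title)) {
                    $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50));
                } elseif (updateTitle($userId, $title)) {
                    $successes[] = lang("ACCOUNT_TITLE_UPDATED", array($displayname, $title));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Remove permission level
            if (!empty($_POST['removePermission'])) {
                $remove = $_POST['removePermission'];
                if ($deletion_count = removePermission($remove, $userId)) {
                    $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array($deletion_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Add permission level
            if (!empty($_POST['addPermission'])) {
                $add = $_POST['addPermission'];
                if ($addition_count = addPermission($add, $userId)) {
                    $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array($addition_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            // Re-read the row so the form shows what was actually stored.
            $userdetails = fetchUserDetails(NULL, NULL, $userId);
        }
    }

    $userPermission = fetchUserPermissions($userId);
    $permissionData = fetchAllPermissions();

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin User</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    echo "\r\n</div>\r\n<div id='main'>";
    echo resultBlock($errors, $successes);

    // Request-derived and user-editable values are escaped for HTML text and
    // single-quoted attributes before they are written into the page.
    $safeSelf = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    $safeUserId = htmlspecialchars((string) $userId, ENT_QUOTES, 'UTF-8');
    $safeUserName = htmlspecialchars((string) $userdetails['user_name'], ENT_QUOTES, 'UTF-8');
    $safeDisplayName = htmlspecialchars((string) $userdetails['display_name'], ENT_QUOTES, 'UTF-8');
    $safeEmail = htmlspecialchars((string) $userdetails['email'], ENT_QUOTES, 'UTF-8');
    $safeTitle = htmlspecialchars((string) $userdetails['title'], ENT_QUOTES, 'UTF-8');

    echo "\r\n<form name='adminUser' action='" . $safeSelf . "?id=" . $safeUserId . "' method='post'>\r\n<table class='admin'><tr><td>\r\n<h3>User Information</h3>\r\n<div id='regbox'>"
        . "\r\n<p>\r\n<label>ID:</label>\r\n" . $userdetails['id'] . "\r\n</p>"
        . "\r\n<p>\r\n<label>Username:</label>\r\n" . $safeUserName . "\r\n</p>"
        . "\r\n<p>\r\n<label>Display Name:</label>\r\n<input type='text' name='display' value='" . $safeDisplayName . "' />\r\n</p>"
        . "\r\n<p>\r\n<label>Email:</label>\r\n<input type='text' name='email' value='" . $safeEmail . "' />\r\n</p>"
        . "\r\n<p>\r\n<label>Active:</label>";

    //Display activation link, if account inactive
    if ($userdetails['active'] == '1') {
        echo "Yes";
    } else {
        echo "No\r\n\t</p>\r\n\t<p>\r\n\t<label>Activate:</label>\r\n\t<input type='checkbox' name='activate' id='activate' value='activate'>\r\n\t";
    }

    echo "\r\n</p>\r\n<p>\r\n<label>Title:</label>\r\n<input type='text' name='title' value='" . $safeTitle . "' />\r\n</p>"
        . "\r\n<p>\r\n<label>Sign Up:</label>\r\n" . date("j M, Y", $userdetails['sign_up_stamp']) . "\r\n</p>"
        . "\r\n<p>\r\n<label>Last Sign In:</label>";

    //Last sign in, interpretation
    if ($userdetails['last_sign_in_stamp'] == '0') {
        echo "Never";
    } else {
        echo date("j M, Y", $userdetails['last_sign_in_stamp']);
    }

    echo "\r\n</p>\r\n<p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $userdetails['id'] . "]' id='delete[" . $userdetails['id'] . "]' value='" . $userdetails['id'] . "'>\r\n</p>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>Remove Permission:";

    //List of permission levels user is a part of
    foreach ($permissionData as $v1) {
        if (isset($userPermission[$v1['id']])) {
            echo "<br><input type='checkbox' name='removePermission[" . $v1['id'] . "]' id='removePermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . htmlspecialchars((string) $v1['name'], ENT_QUOTES, 'UTF-8');
        }
    }

    //List of permission levels user is not a part of
    echo "</p><p>Add Permission:";
    foreach ($permissionData as $v1) {
        if (!isset($userPermission[$v1['id']])) {
            echo "<br><input type='checkbox' name='addPermission[" . $v1['id'] . "]' id='addPermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . htmlspecialchars((string) $v1['name'], ENT_QUOTES, 'UTF-8');
        }
    }

    echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}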
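<?php
// Example members-only page: loads the configuration, stops unless
// securePage() approves the request, then greets the logged-in user between
// the shared header and footer.
require_once "models/config.php";

if (!securePage($_SERVER['PHP_SELF'])) {
    die;
}

require_once "models/header.php";

// Display name and title are account data shown back to the browser, so they
// are HTML-escaped first. NOTE(review): the title looks like free text set
// from the admin panel; confirm how it is validated on write.
$safeDisplayName = htmlspecialchars((string) $loggedInUser->displayname, ENT_QUOTES, 'UTF-8');
$safeTitle = htmlspecialchars((string) $loggedInUser->title, ENT_QUOTES, 'UTF-8');

echo "\r\n<div class='container'>\r\n<h1>PerunioCMS</h1>\r\n<p>\r\nHey, {$safeDisplayName}. This is an example secure page designed to demonstrate some of the basic features of UserCake. Just so you know, your title at the moment is {$safeTitle}, and that can be changed in the admin panel. You registered this account on " . date("M d, Y", $loggedInUser->signup) . ".\r\n</p>\r\n</div>";

require_once "models/footer.php";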
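/**
 * Admin page for a single registered page.
 *
 * Stops unless securePage() approves the request, redirects to the page list
 * when the id in the query string does not exist, applies any posted change
 * (private flag, permission levels with access) and renders the edit form.
 *
 * NOTE(review): the form has no anti-CSRF token, so toggling a page to
 * public or granting access relies entirely on securePage(). Add a
 * per-session token check once the project has a helper for it.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";

    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // resultBlock() used to receive undefined variables when nothing was
    // posted; keep anything config.php set and default to empty lists.
    if (!isset($errors) || !is_array($errors)) {
        $errors = array();
    }
    if (!isset($successes) || !is_array($successes)) {
        $successes = array();
    }

    // A missing or array-valued id becomes '' and is expected to fail the
    // existence check below (verify against pageIdExists()).
    $pageId = (isset($_GET['id']) && is_scalar($_GET['id'])) ? $_GET['id'] : '';

    //Check if selected pages exist
    if (!pageIdExists($pageId)) {
        header("Location: " . str_replace('index.php/', '', site_url('admin_pages')));
        die;
    }

    $pageDetails = fetchPageDetails($pageId); //Fetch information specific to page

    //Forms posted
    if (!empty($_POST)) {
        // An unchecked checkbox is simply absent from the POST body.
        $wantsPrivate = isset($_POST['private']) && $_POST['private'] === 'Yes';

        //Toggle private page setting
        if ($wantsPrivate) {
            if ($pageDetails['private'] == 0) {
                if (updatePrivate($pageId, 1)) {
                    $successes[] = lang("PAGE_PRIVATE_TOGGLED", array("private"));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }
        } elseif ($pageDetails['private'] == 1) {
            if (updatePrivate($pageId, 0)) {
                $successes[] = lang("PAGE_PRIVATE_TOGGLED", array("public"));
            } else {
                $errors[] = lang("SQL_ERROR");
            }
        }

        //Remove permission level(s) access to page
        if (!empty($_POST['removePermission'])) {
            $remove = $_POST['removePermission'];
            if ($deletion_count = removePage($pageId, $remove)) {
                $successes[] = lang("PAGE_ACCESS_REMOVED", array($deletion_count));
            } else {
                $errors[] = lang("SQL_ERROR");
            }
        }

        //Add permission level(s) access to page
        if (!empty($_POST['addPermission'])) {
            $add = $_POST['addPermission'];
            if ($addition_count = addPage($pageId, $add)) {
                $successes[] = lang("PAGE_ACCESS_ADDED", array($addition_count));
            } else {
                $errors[] = lang("SQL_ERROR");
            }
        }

        // Re-read the row so the form shows what was actually stored.
        $pageDetails = fetchPageDetails($pageId);
    }

    $pagePermissions = fetchPagePermissions($pageId);
    $permissionData = fetchAllPermissions();

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Page</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    echo "\r\n</div>\r\n<div id='main'>";
    echo resultBlock($errors, $successes);

    // Request-derived values and stored names are escaped for HTML text and
    // single-quoted attributes before they are written into the page.
    $safeSelf = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    $safePageId = htmlspecialchars((string) $pageId, ENT_QUOTES, 'UTF-8');
    $safePageName = htmlspecialchars((string) $pageDetails['page'], ENT_QUOTES, 'UTF-8');

    echo "\r\n<form name='adminPage' action='" . $safeSelf . "?id=" . $safePageId . "' method='post'>\r\n<input type='hidden' name='process' value='1'>\r\n<table class='admin'>\r\n<tr><td>\r\n<h3>Page Information</h3>\r\n<div id='regbox'>"
        . "\r\n<p>\r\n<label>ID:</label>\r\n" . $pageDetails['id'] . "\r\n</p>"
        . "\r\n<p>\r\n<label>Name:</label>\r\n" . $safePageName . "\r\n</p>"
        . "\r\n<p>\r\n<label>Private:</label>";

    //Display private checkbox
    if ($pageDetails['private'] == 1) {
        echo "<input type='checkbox' name='private' id='private' value='Yes' checked>";
    } else {
        echo "<input type='checkbox' name='private' id='private' value='Yes'>";
    }

    echo "\r\n</p>\r\n</div></td><td>\r\n<h3>Page Access</h3>\r\n<div id='regbox'>\r\n<p>\r\nRemove Access:";

    //Display list of permission levels with access
    foreach ($permissionData as $v1) {
        if (isset($pagePermissions[$v1['id']])) {
            echo "<br><input type='checkbox' name='removePermission[" . $v1['id'] . "]' id='removePermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . htmlspecialchars((string) $v1['name'], ENT_QUOTES, 'UTF-8');
        }
    }

    echo "\r\n</p><p>Add Access:";

    //Display list of permission levels without access
    foreach ($permissionData as $v1) {
        if (!isset($pagePermissions[$v1['id']])) {
            echo "<br><input type='checkbox' name='addPermission[" . $v1['id'] . "]' id='addPermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . htmlspecialchars((string) $v1['name'], ENT_QUOTES, 'UTF-8');
        }
    }

    echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}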