Exemple #1
/**
 * Entry point for the administration center.
 *
 * Loads the Admin language and template, builds the full admin menu
 * definition, pulls in any integration include files, lets hooks modify
 * the menu, validates the administrator session, and finally hands the
 * menu to createMenu(). The entry createMenu() returns decides which
 * file is required and which function is called at the end.
 *
 * Terminates through fatal_lang_error('no_access') when createMenu()
 * returns nothing usable.
 */
function AdminMain()
{
    global $txt, $context, $scripturl, $modSettings, $settings, $sourcedir, $options, $boarddir, $backend_subdir;
    // Load the language and templates....
    loadLanguage('Admin');
    loadAdminTemplate('Admin');
    // Flag the page as not to be indexed by search engines.
    $context['robot_no_index'] = true;
    require_once $sourcedir . '/lib/Subs-Menu.php';
    // Some preferences.
    // NOTE(review): unserialize() on a stored option value. If anyone other than the owning
    // administrator can influence $options['admin_preferences'] (TODO confirm how $options is
    // populated), this is a PHP object-injection sink. A JSON encoding, or unserialize() with
    // classes disallowed where the PHP version supports it, would be the safer form.
    $context['admin_preferences'] = !empty($options['admin_preferences']) ? unserialize($options['admin_preferences']) : array();
    // Define all the menu structure - see Subs-Menu.php for details!
    // Each section carries a title, the permissions that make it visible, and its areas; an area
    // names the file to load, the function to call, an icon, and optional subsections.
    $admin_areas = array('forum' => array('title' => $txt['admin_main'], 'permission' => array('admin_forum', 'manage_permissions', 'moderate_forum', 'manage_membergroups', 'manage_bans', 'send_mail', 'edit_news', 'manage_boards', 'manage_smileys', 'manage_attachments'), 'areas' => array('index' => array('label' => $txt['admin_center'], 'function' => 'AdminHome', 'icon' => 'administration.gif'), 'credits' => array('label' => $txt['support_credits_title'], 'function' => 'AdminHome', 'icon' => 'support.gif'), 'news' => array('label' => $txt['news_title'], 'file' => $backend_subdir . '/ManageNews.php', 'function' => 'ManageNews', 'icon' => 'news.gif', 'permission' => array('edit_news', 'send_mail', 'admin_forum'), 'subsections' => array('editnews' => array($txt['admin_edit_news'], 'edit_news'), 'mailingmembers' => array($txt['admin_newsletters'], 'send_mail'), 'settings' => array($txt['settings'], 'admin_forum'))), 'packages' => array('label' => $txt['package'], 'file' => $backend_subdir . '/Packages.php', 'function' => 'Packages', 'permission' => array('admin_forum'), 'icon' => 'packages.gif', 'subsections' => array('browse' => array($txt['browse_packages']), 'packageget' => array($txt['download_packages'], 'url' => $scripturl . '?action=admin;area=packages;sa=packageget;get'), 'installed' => array($txt['installed_packages']), 'perms' => array($txt['package_file_perms']), 'options' => array($txt['package_settings']))), 'plugins' => array('label' => $txt['plugins_title'], 'file' => $backend_subdir . 
'/Plugins.php', 'function' => 'PluginsMain', 'permission' => array('admin_forum'), 'icon' => 'packages.gif', 'subsections' => array('browse' => array($txt['browse_plugins']), 'hooks' => array($txt['browse_hooks']))), 'search' => array('function' => 'AdminSearch', 'permission' => array('admin_forum'), 'select' => 'index'))), 'config' => array('title' => $txt['admin_config'], 'permission' => array('admin_forum'), 'areas' => array('corefeatures' => array('label' => $txt['core_settings_title'], 'file' => $backend_subdir . '/ManageSettings.php', 'function' => 'ModifyCoreFeatures', 'icon' => 'corefeatures.gif'), 'featuresettings' => array('label' => $txt['modSettings_title'], 'file' => $backend_subdir . '/ManageSettings.php', 'function' => 'ModifyFeatureSettings', 'icon' => 'features.gif', 'subsections' => array('basic' => array($txt['mods_cat_features']), 'layout' => array($txt['mods_cat_layout']), 'sig' => array($txt['signature_settings_short']), 'profile' => array($txt['custom_profile_shorttitle'], 'enabled' => in_array('cp', $context['admin_features'])))), 'securitysettings' => array('label' => $txt['admin_security_moderation'], 'file' => $backend_subdir . '/ManageSettings.php', 'function' => 'ModifySecuritySettings', 'icon' => 'security.gif', 'subsections' => array('general' => array($txt['mods_cat_security_general']), 'spam' => array($txt['antispam_title']), 'moderation' => array($txt['moderation_settings_short'], 'enabled' => substr($modSettings['warning_settings'], 0, 1) == 1))), 'languages' => array('label' => $txt['language_configuration'], 'file' => $backend_subdir . '/ManageServer.php', 'function' => 'ManageLanguages', 'icon' => 'languages.gif', 'subsections' => array('edit' => array($txt['language_edit']), 'add' => array($txt['language_add']), 'settings' => array($txt['language_settings']))), 'serversettings' => array('label' => $txt['admin_server_settings'], 'file' => $backend_subdir . 
'/ManageServer.php', 'function' => 'ModifySettings', 'icon' => 'server.gif', 'subsections' => array('general' => array($txt['general_settings']), 'database' => array($txt['database_paths_settings']), 'cookie' => array($txt['cookies_sessions_settings']), 'cache' => array($txt['caching_settings']), 'loads' => array($txt['load_balancing_settings']))), 'relatedtopics' => array('label' => $txt['admin_related_topic'], 'file' => $backend_subdir . '/RelatedTopics.php', 'function' => 'RelatedTopicsAdmin', 'subsections' => array('settings' => array($txt['admin_related_topics_settings']), 'methods' => array($txt['admin_related_topics_methods']))), 'current_theme' => array('label' => $txt['theme_current_settings'], 'file' => $backend_subdir . '/Themes.php', 'function' => 'ThemesMain', 'custom_url' => $scripturl . '?action=admin;area=theme;sa=settings;th=' . $settings['theme_id'], 'icon' => 'current_theme.gif'), 'theme' => array('label' => $txt['theme_admin'], 'file' => $backend_subdir . '/Themes.php', 'function' => 'ThemesMain', 'custom_url' => $scripturl . '?action=admin;area=theme;sa=admin', 'icon' => 'themes.gif', 'subsections' => array('admin' => array($txt['themeadmin_admin_title']), 'list' => array($txt['themeadmin_list_title']), 'reset' => array($txt['themeadmin_reset_title']), 'edit' => array($txt['themeadmin_edit_title']))), 'modsettings' => array('label' => $txt['admin_modifications'], 'file' => $backend_subdir . '/ManageSettings.php', 'function' => 'ModifyModSettings', 'icon' => 'modifications.gif', 'related' => array($txt['admin_related_topic']), 'subsections' => array('general' => array($txt['mods_cat_modifications_misc']))), 'socialsettings' => array('label' => $txt['admin_social'], 'file' => $backend_subdir . 
'/ManageSettings.php', 'function' => 'ModifySocialSettings', 'subsections' => array('general' => array($txt['socialsettings_general']), 'astream' => array($txt['socialsettings_astream']))))), 'layout' => array('title' => $txt['layout_controls'], 'permission' => array('manage_boards', 'admin_forum', 'manage_smileys', 'manage_attachments', 'moderate_forum'), 'areas' => array('manageboards' => array('label' => $txt['admin_boards'], 'file' => $backend_subdir . '/ManageBoards.php', 'function' => 'ManageBoards', 'icon' => 'boards.gif', 'permission' => array('manage_boards'), 'subsections' => array('main' => array($txt['boardsEdit']), 'newcat' => array($txt['mboards_new_cat']), 'settings' => array($txt['settings'], 'admin_forum'))), 'postsettings' => array('label' => $txt['manageposts'], 'file' => $backend_subdir . '/ManagePosts.php', 'function' => 'ManagePostSettings', 'permission' => array('admin_forum'), 'icon' => 'posts.gif', 'subsections' => array('posts' => array($txt['manageposts_settings']), 'bbc' => array($txt['manageposts_bbc_settings']), 'censor' => array($txt['admin_censored_words']), 'topics' => array($txt['manageposts_topic_settings']), 'prefixes' => array($txt['manageposts_prefix_settings']), 'tags' => array($txt['manageposts_tag_settings']), 'ratings' => array($txt['karma']))), 'managecalendar' => array('label' => $txt['manage_calendar'], 'file' => $backend_subdir . '/ManageCalendar.php', 'function' => 'ManageCalendar', 'icon' => 'calendar.gif', 'permission' => array('admin_forum'), 'enabled' => in_array('cd', $context['admin_features']), 'subsections' => array('holidays' => array($txt['manage_holidays'], 'admin_forum', 'enabled' => !empty($modSettings['cal_enabled'])), 'settings' => array($txt['calendar_settings'], 'admin_forum'))), 'managesearch' => array('label' => $txt['manage_search'], 'file' => $backend_subdir . 
'/ManageSearch.php', 'function' => 'ManageSearch', 'icon' => 'search.gif', 'permission' => array('admin_forum'), 'subsections' => array('weights' => array($txt['search_weights']), 'method' => array($txt['search_method']), 'settings' => array($txt['settings']), 'managesphinx' => array($txt['search_managesphinx']))), 'smileys' => array('label' => $txt['smileys_manage'], 'file' => $backend_subdir . '/ManageSmileys.php', 'function' => 'ManageSmileys', 'icon' => 'smiley.gif', 'permission' => array('manage_smileys'), 'subsections' => array('editsets' => array($txt['smiley_sets']), 'addsmiley' => array($txt['smileys_add'], 'enabled' => !empty($modSettings['smiley_enable'])), 'editsmileys' => array($txt['smileys_edit'], 'enabled' => !empty($modSettings['smiley_enable'])), 'setorder' => array($txt['smileys_set_order'], 'enabled' => !empty($modSettings['smiley_enable'])), 'editicons' => array($txt['icons_edit_message_icons'], 'enabled' => !empty($modSettings['messageIcons_enable'])), 'settings' => array($txt['settings']))), 'manageattachments' => array('label' => $txt['attachments_avatars'], 'file' => $backend_subdir . '/ManageAttachments.php', 'function' => 'ManageAttachments', 'icon' => 'attachment.gif', 'permission' => array('manage_attachments'), 'subsections' => array('browse' => array($txt['attachment_manager_browse']), 'attachments' => array($txt['attachment_manager_settings']), 'avatars' => array($txt['attachment_manager_avatar_settings']), 'maintenance' => array($txt['attachment_manager_maintenance']))))), 'members' => array('title' => $txt['admin_manage_members'], 'permission' => array('moderate_forum', 'manage_membergroups', 'manage_bans', 'manage_permissions', 'admin_forum'), 'areas' => array('viewmembers' => array('label' => $txt['admin_users'], 'file' => $backend_subdir . 
'/ManageMembers.php', 'function' => 'ViewMembers', 'icon' => 'members.gif', 'permission' => array('moderate_forum'), 'subsections' => array('all' => array($txt['view_all_members']), 'search' => array($txt['mlist_search']))), 'membergroups' => array('label' => $txt['admin_groups'], 'file' => $backend_subdir . '/ManageMembergroups.php', 'function' => 'ModifyMembergroups', 'icon' => 'membergroups.gif', 'permission' => array('manage_membergroups'), 'subsections' => array('index' => array($txt['membergroups_edit_groups'], 'manage_membergroups'), 'add' => array($txt['membergroups_new_group'], 'manage_membergroups'), 'settings' => array($txt['settings'], 'admin_forum'))), 'permissions' => array('label' => $txt['edit_permissions'], 'file' => $backend_subdir . '/ManagePermissions.php', 'function' => 'ModifyPermissions', 'icon' => 'permissions.gif', 'permission' => array('manage_permissions'), 'subsections' => array('index' => array($txt['permissions_groups'], 'manage_permissions'), 'board' => array($txt['permissions_boards'], 'manage_permissions'), 'profiles' => array($txt['permissions_profiles'], 'manage_permissions'), 'postmod' => array($txt['permissions_post_moderation'], 'manage_permissions', 'enabled' => $modSettings['postmod_active']), 'settings' => array($txt['settings'], 'admin_forum'))), 'regcenter' => array('label' => $txt['registration_center'], 'file' => $backend_subdir . '/ManageRegistration.php', 'function' => 'RegCenter', 'icon' => 'regcenter.gif', 'permission' => array('admin_forum', 'moderate_forum'), 'subsections' => array('register' => array($txt['admin_browse_register_new'], 'moderate_forum'), 'agreement' => array($txt['registration_agreement'], 'admin_forum'), 'reservednames' => array($txt['admin_reserved_set'], 'admin_forum'), 'settings' => array($txt['settings'], 'admin_forum'))), 'ban' => array('label' => $txt['ban_title'], 'file' => $backend_subdir . 
'/ManageBans.php', 'function' => 'Ban', 'icon' => 'ban.gif', 'permission' => 'manage_bans', 'subsections' => array('list' => array($txt['ban_edit_list']), 'add' => array($txt['ban_add_new']), 'browse' => array($txt['ban_trigger_browse']), 'log' => array($txt['ban_log']))), 'paidsubscribe' => array('label' => $txt['paid_subscriptions'], 'enabled' => in_array('ps', $context['admin_features']), 'file' => $backend_subdir . '/ManagePaid.php', 'icon' => 'paid.gif', 'function' => 'ManagePaidSubscriptions', 'permission' => 'admin_forum', 'subsections' => array('view' => array($txt['paid_subs_view']), 'settings' => array($txt['settings']))), 'sengines' => array('label' => $txt['search_engines'], 'enabled' => in_array('sp', $context['admin_features']), 'file' => $backend_subdir . '/ManageSearchEngines.php', 'icon' => 'engines.gif', 'function' => 'SearchEngines', 'permission' => 'admin_forum', 'subsections' => array('stats' => array($txt['spider_stats']), 'logs' => array($txt['spider_logs']), 'spiders' => array($txt['spiders']), 'settings' => array($txt['settings']))))), 'maintenance' => array('title' => $txt['admin_maintenance'], 'permission' => array('admin_forum'), 'areas' => array('maintain' => array('label' => $txt['maintain_title'], 'file' => $backend_subdir . '/ManageMaintenance.php', 'icon' => 'maintain.gif', 'function' => 'ManageMaintenance', 'subsections' => array('routine' => array($txt['maintain_sub_routine'], 'admin_forum'), 'database' => array($txt['maintain_sub_database'], 'admin_forum'), 'members' => array($txt['maintain_sub_members'], 'admin_forum'), 'topics' => array($txt['maintain_sub_topics'], 'admin_forum'))), 'scheduledtasks' => array('label' => $txt['maintain_tasks'], 'file' => $backend_subdir . 
'/ManageScheduledTasks.php', 'icon' => 'scheduled.gif', 'function' => 'ManageScheduledTasks', 'subsections' => array('tasks' => array($txt['maintain_tasks'], 'admin_forum'), 'tasklog' => array($txt['scheduled_log'], 'admin_forum'))), 'mailqueue' => array('label' => $txt['mailqueue_title'], 'file' => $backend_subdir . '/ManageMail.php', 'function' => 'ManageMail', 'icon' => 'mail.gif', 'subsections' => array('browse' => array($txt['mailqueue_browse'], 'admin_forum'), 'settings' => array($txt['mailqueue_settings'], 'admin_forum'))), 'reports' => array('enabled' => in_array('rg', $context['admin_features']), 'label' => $txt['generate_reports'], 'file' => 'Reports.php', 'function' => 'ReportsMain', 'icon' => 'reports.gif'), 'logs' => array('label' => $txt['logs'], 'function' => 'AdminLogs', 'icon' => 'logs.gif', 'subsections' => array('errorlog' => array($txt['errlog'], 'admin_forum', 'enabled' => !empty($modSettings['enableErrorLogging']), 'url' => $scripturl . '?action=admin;area=logs;sa=errorlog;desc'), 'adminlog' => array($txt['admin_log'], 'admin_forum', 'enabled' => in_array('ml', $context['admin_features'])), 'modlog' => array($txt['moderation_log'], 'admin_forum', 'enabled' => in_array('ml', $context['admin_features'])), 'banlog' => array($txt['ban_log'], 'manage_bans'), 'spiderlog' => array($txt['spider_logs'], 'admin_forum', 'enabled' => in_array('sp', $context['admin_features'])), 'tasklog' => array($txt['scheduled_log'], 'admin_forum'), 'pruning' => array($txt['pruning_title'], 'admin_forum'))), 'repairboards' => array('label' => $txt['admin_repair'], 'file' => $backend_subdir . '/RepairBoards.php', 'function' => 'RepairBoards', 'select' => 'maintain', 'hidden' => true))));
    // Drop the post-settings tabs whose feature is switched off.
    if (!$modSettings['tags_active']) {
        unset($admin_areas['layout']['areas']['postsettings']['subsections']['tags']);
    }
    if (empty($modSettings['karmaMode'])) {
        unset($admin_areas['layout']['areas']['postsettings']['subsections']['ratings']);
    }
    // Any files to include for administration?
    // NOTE(review): the paths come from the 'integrate_admin_include' setting (comma separated,
    // with $boarddir/$sourcedir/$themedir placeholders expanded) and are executed as PHP with no
    // further check than file_exists(). Whoever can write that setting chooses the code that
    // runs here, and these includes run before validateSession() below - confirm that is intended.
    if (!empty($modSettings['integrate_admin_include'])) {
        $admin_includes = explode(',', $modSettings['integrate_admin_include']);
        foreach ($admin_includes as $include) {
            $include = strtr(trim($include), array('$boarddir' => $boarddir, '$sourcedir' => $sourcedir, '$themedir' => $settings['theme_dir']));
            if (file_exists($include)) {
                require_once $include;
            }
        }
    }
    // Let them modify admin areas easily.
    // The hook receives $admin_areas by reference, so hooked code can add or change the 'file'
    // and 'function' entries that are required and called at the end of this function.
    HookAPI::callHook('integrate_admin_areas', array(&$admin_areas));
    SimpleSEF::adminAreas($admin_areas);
    // Make sure the administrator has a valid session...
    validateSession();
    // Actually create the menu!
    $admin_include_data = createMenu($admin_areas);
    unset($admin_areas);
    // Nothing valid?
    // Loose comparison: any falsy return from createMenu() (false, null, empty array) ends here.
    if ($admin_include_data == false) {
        fatal_lang_error('no_access', false);
    }
    // Build the link tree.
    $context['linktree'][] = array('url' => $scripturl . '?action=admin', 'name' => $txt['admin_center']);
    // NOTE(review): the session variable/id pair is written into the link-tree URLs below. Values
    // carried in URLs can end up in Referer headers, server logs and browser history - confirm
    // this token is meant to be exposed that way.
    if (isset($admin_include_data['current_area']) && $admin_include_data['current_area'] != 'index') {
        $context['linktree'][] = array('url' => $scripturl . '?action=admin;area=' . $admin_include_data['current_area'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'name' => $admin_include_data['label']);
    }
    // Add the subsection only when its title differs from the area label.
    if (!empty($admin_include_data['current_subsection']) && $admin_include_data['subsections'][$admin_include_data['current_subsection']][0] != $admin_include_data['label']) {
        $context['linktree'][] = array('url' => $scripturl . '?action=admin;area=' . $admin_include_data['current_area'] . ';sa=' . $admin_include_data['current_subsection'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'name' => $admin_include_data['subsections'][$admin_include_data['current_subsection']][0]);
    }
    // Make a note of the Unique ID for this menu.
    $context['admin_menu_id'] = $context['max_menu_id'];
    $context['admin_menu_name'] = 'menu_data_' . $context['admin_menu_id'];
    // Why on the admin are we?
    $context['admin_area'] = $admin_include_data['current_area'];
    // Now - finally - call the right place!
    // Both the file name and the function name are taken from the entry createMenu() selected.
    // NOTE(review): no check is visible here that 'file' stays inside $sourcedir or that
    // 'function' is one of the expected handlers; this relies on createMenu() only ever
    // returning entries from the (hook-extendable) menu definition - verify in Subs-Menu.php.
    if (isset($admin_include_data['file'])) {
        require_once $sourcedir . '/' . $admin_include_data['file'];
    }
    $admin_include_data['function']();
}
Exemple #2
/**
 * Entry point for the moderation center.
 *
 * Works out what the current user may moderate, enforces the
 * 'access_mod_center' permission when none of those apply, builds the
 * moderation menu, validates the session and, unless told otherwise,
 * requires the selected area's file and calls its function.
 *
 * Returns early without doing anything when $context['admin_area'] is
 * already set.
 *
 * @param bool $dont_call When true, only the menu and context are set up;
 *                        the selected area's file is not required and its
 *                        function is not called. Defaults to false.
 */
function ModerationMain($dont_call = false)
{
    global $txt, $context, $scripturl, $sc, $modSettings, $user_info, $settings, $sourcedir, $options, $smcFunc;
    // Don't run this twice... and don't conflict with the admin bar.
    if (isset($context['admin_area'])) {
        return;
    }
    // A mod_cache entry equal to '0=1' is treated as "nothing to moderate".
    // Presumably 'bq'/'gq' are board/group query fragments - TODO confirm where mod_cache is built.
    $context['can_moderate_boards'] = $user_info['mod_cache']['bq'] != '0=1';
    $context['can_moderate_groups'] = $user_info['mod_cache']['gq'] != '0=1';
    $context['can_moderate_approvals'] = $modSettings['postmod_active'] && !empty($user_info['mod_cache']['ap']);
    // Everyone using this area must be allowed here!
    // The explicit permission check only runs when none of the three moderation capabilities apply.
    if (!$context['can_moderate_boards'] && !$context['can_moderate_groups'] && !$context['can_moderate_approvals']) {
        isAllowedTo('access_mod_center');
    }
    // We're gonna want a menu of some kind.
    require_once $sourcedir . '/Subs-Menu.php';
    // Load the language, and the template.
    loadLanguage('ModerationCenter');
    loadTemplate(false, 'admin');
    // NOTE(review): unserialize() on a stored per-user option, reached here by moderators and
    // not only administrators. If the user can influence the stored value (TODO confirm how
    // $options is populated), this is a PHP object-injection sink; a JSON encoding or
    // unserialize() with classes disallowed would be the safer form.
    $context['admin_preferences'] = !empty($options['admin_preferences']) ? unserialize($options['admin_preferences']) : array();
    // Flag the page as not to be indexed by search engines.
    $context['robot_no_index'] = true;
    // This is the menu structure - refer to Subs-Menu.php for the details.
    // 'enabled' flags below tie each area to the capabilities computed above.
    $moderation_areas = array('main' => array('title' => $txt['mc_main'], 'areas' => array('index' => array('label' => $txt['moderation_center'], 'function' => 'ModerationHome'), 'settings' => array('label' => $txt['mc_settings'], 'function' => 'ModerationSettings'), 'modlogoff' => array('label' => $txt['mc_logoff'], 'function' => 'ModEndSession', 'enabled' => empty($modSettings['securityDisable_moderate'])), 'notice' => array('file' => 'ModerationCenter.php', 'function' => 'ShowNotice', 'select' => 'index'))), 'logs' => array('title' => $txt['mc_logs'], 'areas' => array('modlog' => array('label' => $txt['modlog_view'], 'enabled' => !empty($modSettings['modlog_enabled']) && $context['can_moderate_boards'], 'file' => 'Modlog.php', 'function' => 'ViewModlog'), 'warnings' => array('label' => $txt['mc_warnings'], 'enabled' => in_array('w', $context['admin_features']) && $modSettings['warning_settings'][0] == 1 && $context['can_moderate_boards'], 'function' => 'ViewWarnings', 'subsections' => array('log' => array($txt['mc_warning_log']), 'templates' => array($txt['mc_warning_templates'], 'issue_warning'))))), 'posts' => array('title' => $txt['mc_posts'], 'enabled' => $context['can_moderate_boards'] || $context['can_moderate_approvals'], 'areas' => array('postmod' => array('label' => $txt['mc_unapproved_posts'], 'enabled' => $context['can_moderate_approvals'], 'file' => 'PostModeration.php', 'function' => 'PostModerationMain', 'custom_url' => $scripturl . '?action=moderate;area=postmod', 'subsections' => array('posts' => array($txt['mc_unapproved_replies']), 'topics' => array($txt['mc_unapproved_topics']))), 'attachmod' => array('label' => $txt['mc_unapproved_attachments'], 'enabled' => $context['can_moderate_approvals'], 'file' => 'PostModeration.php', 'function' => 'PostModerationMain', 'custom_url' => $scripturl . 
'?action=moderate;area=attachmod;sa=attachments'), 'reports' => array('label' => $txt['mc_reported_posts'], 'enabled' => $context['can_moderate_boards'], 'file' => 'ModerationCenter.php', 'function' => 'ReportedPosts', 'subsections' => array('open' => array($txt['mc_reportedp_active']), 'closed' => array($txt['mc_reportedp_closed']))))), 'groups' => array('title' => $txt['mc_groups'], 'enabled' => $context['can_moderate_groups'], 'areas' => array('userwatch' => array('label' => $txt['mc_watched_users_title'], 'enabled' => in_array('w', $context['admin_features']) && $modSettings['warning_settings'][0] == 1 && $context['can_moderate_boards'], 'function' => 'ViewWatchedUsers', 'subsections' => array('member' => array($txt['mc_watched_users_member']), 'post' => array($txt['mc_watched_users_post']))), 'groups' => array('label' => $txt['mc_group_requests'], 'file' => 'Groups.php', 'function' => 'Groups', 'custom_url' => $scripturl . '?action=moderate;area=groups;sa=requests'), 'viewgroups' => array('label' => $txt['mc_view_groups'], 'file' => 'Groups.php', 'function' => 'Groups'))));
    // Make sure the administrator has a valid session...
    validateSession('moderate');
    // I don't know where we're going - I don't know where we've been...
    // NOTE(review): 'disable_url_session_check' is passed to createMenu(); presumably it turns
    // off the session-token check on the request URL for this menu. Confirm that state-changing
    // moderation actions reached from here verify the session token themselves.
    $menuOptions = array('action' => 'moderate', 'disable_url_session_check' => true);
    $mod_include_data = createMenu($moderation_areas, $menuOptions);
    unset($moderation_areas);
    // We got something - didn't we? DIDN'T WE!
    // Loose comparison: any falsy return from createMenu() ends in the 'no_access' error.
    if ($mod_include_data == false) {
        fatal_lang_error('no_access', false);
    }
    // Retain the ID information in case required by a subaction.
    $context['moderation_menu_id'] = $context['max_menu_id'];
    $context['moderation_menu_name'] = 'menu_data_' . $context['moderation_menu_id'];
    // What a pleasant shortcut - even tho we're not *really* on the admin screen who cares...
    // Setting this also makes a second call to this function return immediately (see the guard at the top).
    $context['admin_area'] = $mod_include_data['current_area'];
    // Build the link tree.
    $context['linktree'][] = array('url' => $scripturl . '?action=moderate', 'name' => $txt['moderation_center']);
    if (isset($mod_include_data['current_area']) && $mod_include_data['current_area'] != 'index') {
        $context['linktree'][] = array('url' => $scripturl . '?action=moderate;area=' . $mod_include_data['current_area'], 'name' => $mod_include_data['label']);
    }
    // Add the subsection only when its title differs from the area label.
    if (!empty($mod_include_data['current_subsection']) && $mod_include_data['subsections'][$mod_include_data['current_subsection']][0] != $mod_include_data['label']) {
        $context['linktree'][] = array('url' => $scripturl . '?action=moderate;area=' . $mod_include_data['current_area'] . ';sa=' . $mod_include_data['current_subsection'], 'name' => $mod_include_data['subsections'][$mod_include_data['current_subsection']][0]);
    }
    // Now - finally - the bit before the encore - the main performance of course!
    // File and function names come from the entry createMenu() selected.
    // NOTE(review): nothing here checks that 'file' stays inside $sourcedir or that 'function'
    // is an expected handler; this relies on createMenu() returning only entries from the menu
    // definition above - verify in Subs-Menu.php.
    if (!$dont_call) {
        if (isset($mod_include_data['file'])) {
            require_once $sourcedir . '/' . $mod_include_data['file'];
        }
        $mod_include_data['function']();
    }
}
 /**
  * Prepare menu, make checks, load files, and create moderation menu.
  * This can be called from the class, or from outside, to
  * set up moderation menu.
  *
  * Computes the user's moderation capabilities, enforces the
  * 'access_mod_center' permission when none apply, validates the
  * session, builds the menu through createMenu() and stores the
  * selected entry in $this->_mod_include_data. It does not call the
  * selected area itself.
  *
  * Returns early without doing anything when $context['admin_area'] is
  * already set.
  */
 public function prepareModcenter()
 {
     global $txt, $context, $scripturl, $modSettings, $user_info, $options;
     // Don't run this twice... and don't conflict with the admin bar.
     if (isset($context['admin_area'])) {
         return;
     }
     // A mod_cache entry equal to '0=1' is treated as "nothing to moderate".
     // Presumably 'bq'/'gq' are board/group query fragments - TODO confirm where mod_cache is built.
     $context['can_moderate_boards'] = $user_info['mod_cache']['bq'] != '0=1';
     $context['can_moderate_groups'] = $user_info['mod_cache']['gq'] != '0=1';
     $context['can_moderate_approvals'] = $modSettings['postmod_active'] && !empty($user_info['mod_cache']['ap']);
     // Everyone using this area must be allowed here!
     // The explicit permission check only runs when none of the three moderation capabilities apply.
     if (!$context['can_moderate_boards'] && !$context['can_moderate_groups'] && !$context['can_moderate_approvals']) {
         isAllowedTo('access_mod_center');
     }
     // We're gonna want a menu of some kind.
     require_once SUBSDIR . '/Menu.subs.php';
     // Load the language, and the template.
     loadLanguage('ModerationCenter');
     loadTemplate(false, 'admin');
     // NOTE(review): unserialize() on a stored per-user option, reached here by moderators and
     // not only administrators. If the user can influence the stored value (TODO confirm how
     // $options is populated), this is a PHP object-injection sink; a JSON encoding or
     // unserialize() with classes disallowed would be the safer form.
     $context['admin_preferences'] = !empty($options['admin_preferences']) ? unserialize($options['admin_preferences']) : array();
     // Flag the page as not to be indexed by search engines.
     $context['robot_no_index'] = true;
     // Moderation counts for things that this moderator can take care of
     require_once SUBSDIR . '/Moderation.subs.php';
     $mod_counts = loadModeratorMenuCounts();
     // This is the menu structure - refer to subs/Menu.subs.php for the details.
     // Non-empty counts from $mod_counts are appended to titles and labels as ' [n]'.
     $moderation_areas = array('main' => array('title' => $txt['mc_main'], 'areas' => array('index' => array('label' => $txt['moderation_center'], 'controller' => 'ModerationCenter_Controller', 'function' => 'action_moderationHome', 'icon' => 'transparent.png', 'class' => 'admin_img_home'), 'settings' => array('label' => $txt['mc_settings'], 'controller' => 'ModerationCenter_Controller', 'function' => 'action_moderationSettings', 'icon' => 'transparent.png', 'class' => 'admin_img_features'), 'modlogoff' => array('label' => $txt['mc_logoff'], 'controller' => 'ModerationCenter_Controller', 'function' => 'action_modEndSession', 'enabled' => empty($modSettings['securityDisable_moderate']), 'icon' => 'transparent.png', 'class' => 'admin_img_exit'), 'notice' => array('controller' => 'ModerationCenter_Controller', 'function' => 'action_showNotice', 'select' => 'index', 'icon' => 'transparent.png', 'class' => 'admin_img_news'))), 'logs' => array('title' => $txt['mc_logs'], 'areas' => array('modlog' => array('label' => $txt['modlog_view'], 'enabled' => !empty($modSettings['modlog_enabled']) && $context['can_moderate_boards'], 'file' => 'Modlog.controller.php', 'dir' => ADMINDIR, 'controller' => 'Modlog_Controller', 'function' => 'action_log', 'icon' => 'transparent.png', 'class' => 'admin_img_logs'), 'warnings' => array('label' => $txt['mc_warnings'], 'enabled' => in_array('w', $context['admin_features']) && !empty($modSettings['warning_enable']) && $context['can_moderate_boards'], 'controller' => 'ModerationCenter_Controller', 'function' => 'action_viewWarnings', 'icon' => 'transparent.png', 'class' => 'admin_img_reports', 'subsections' => array('log' => array($txt['mc_warning_log']), 'templates' => array($txt['mc_warning_templates'], 'issue_warning'))))), 'posts' => array('title' => $txt['mc_posts'] . (!empty($mod_counts['pt_total']) ? ' [' . $mod_counts['pt_total'] . 
']' : ''), 'enabled' => $context['can_moderate_boards'] || $context['can_moderate_approvals'], 'areas' => array('postmod' => array('label' => $txt['mc_unapproved_posts'] . (!empty($mod_counts['postmod']) ? ' [' . $mod_counts['postmod'] . ']' : ''), 'enabled' => $context['can_moderate_approvals'], 'file' => 'PostModeration.controller.php', 'controller' => 'PostModeration_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_posts', 'custom_url' => $scripturl . '?action=moderate;area=postmod', 'subsections' => array('posts' => array($txt['mc_unapproved_replies']), 'topics' => array($txt['mc_unapproved_topics']))), 'emailmod' => array('label' => $txt['mc_emailerror'] . (!empty($mod_counts['emailmod']) ? ' [' . $mod_counts['emailmod'] . ']' : ''), 'enabled' => !empty($modSettings['maillist_enabled']) && allowedTo('approve_emails'), 'file' => 'ManageMaillist.controller.php', 'dir' => ADMINDIR, 'function' => 'UnapprovedEmails', 'icon' => 'transparent.png', 'class' => 'admin_img_mail', 'custom_url' => $scripturl . '?action=admin;area=maillist;sa=emaillist'), 'attachmod' => array('label' => $txt['mc_unapproved_attachments'] . (!empty($mod_counts['attachments']) ? ' [' . $mod_counts['attachments'] . ']' : ''), 'enabled' => $context['can_moderate_approvals'], 'file' => 'PostModeration.controller.php', 'controller' => 'PostModeration_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_attachment', 'custom_url' => $scripturl . '?action=moderate;area=attachmod;sa=attachments'), 'reports' => array('label' => $txt['mc_reported_posts'] . (!empty($mod_counts['reports']) ? ' [' . $mod_counts['reports'] . ']' : ''), 'enabled' => $context['can_moderate_boards'], 'controller' => 'ModerationCenter_Controller', 'function' => 'action_reportedPosts', 'icon' => 'transparent.png', 'class' => 'admin_img_reports', 'subsections' => array('open' => array($txt['mc_reportedp_active'] . 
(!empty($mod_counts['reports']) ? ' [' . $mod_counts['reports'] . ']' : '')), 'closed' => array($txt['mc_reportedp_closed']))))), 'groups' => array('title' => $txt['mc_groups'] . (!empty($mod_counts['mg_total']) ? ' [' . $mod_counts['mg_total'] . ']' : ''), 'enabled' => $context['can_moderate_groups'], 'areas' => array('userwatch' => array('label' => $txt['mc_watched_users_title'], 'enabled' => in_array('w', $context['admin_features']) && !empty($modSettings['warning_enable']) && $context['can_moderate_boards'], 'controller' => 'ModerationCenter_Controller', 'function' => 'action_viewWatchedUsers', 'icon' => 'transparent.png', 'class' => 'admin_img_permissions', 'subsections' => array('member' => array($txt['mc_watched_users_member']), 'post' => array($txt['mc_watched_users_post']))), 'groups' => array('label' => $txt['mc_group_requests'] . (!empty($mod_counts['groupreq']) ? ' [' . $mod_counts['groupreq'] . ']' : ''), 'file' => 'Groups.controller.php', 'controller' => 'Groups_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_regcenter', 'custom_url' => $scripturl . '?action=moderate;area=groups;sa=requests'), 'members' => array('enabled' => allowedTo('moderate_forum'), 'label' => $txt['mc_member_requests'] . (!empty($mod_counts['memberreq']) ? ' [' . $mod_counts['memberreq'] . ']' : ''), 'file' => 'ManageMembers.controller.php', 'controller' => 'ManageMembers_Controller', 'function' => 'action_approve', 'icon' => 'transparent.png', 'class' => 'admin_img_members', 'custom_url' => $scripturl . '?action=admin;area=viewmembers;sa=browse;type=approve'), 'viewgroups' => array('label' => $txt['mc_view_groups'], 'file' => 'Groups.controller.php', 'controller' => 'Groups_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_membergroups'))));
     // Make sure the administrator has a valid session...
     validateSession('moderate');
     // I don't know where we're going - I don't know where we've been...
     // 'hook' => 'moderation' presumably lets integrations alter the menu inside createMenu() - TODO confirm.
     // NOTE(review): 'disable_url_session_check' presumably turns off the session-token check on
     // the request URL for this menu. Confirm that state-changing moderation actions reached
     // from here verify the session token themselves.
     $menuOptions = array('action' => 'moderate', 'hook' => 'moderation', 'disable_url_session_check' => true, 'default_include_dir' => CONTROLLERDIR);
     $mod_include_data = createMenu($moderation_areas, $menuOptions);
     unset($moderation_areas);
     // We got something - didn't we? DIDN'T WE!
     // Loose comparison: any falsy return from createMenu() ends in the 'no_access' error.
     if ($mod_include_data == false) {
         fatal_lang_error('no_access', false);
     }
     // Retain the ID information in case required by a subaction.
     $context['moderation_menu_id'] = $context['max_menu_id'];
     $context['moderation_menu_name'] = 'menu_data_' . $context['moderation_menu_id'];
     // NOTE(review): the user's name is formatted into the tab description; confirm it is already
     // HTML-escaped (or escaped by the template) before it is output.
     $context[$context['moderation_menu_name']]['tab_data'] = array('title' => $txt['moderation_center'], 'help' => '', 'description' => sprintf($txt['mc_description'], $context['user']['name'], $scripturl . '?action=moderate;area=settings'));
     // What a pleasant shortcut - even tho we're not *really* on the admin screen who cares...
     // Setting this also makes a second call to this method return immediately (see the guard at the top).
     $context['admin_area'] = $mod_include_data['current_area'];
     // Build the link tree.
     $context['linktree'][] = array('url' => $scripturl . '?action=moderate', 'name' => $txt['moderation_center']);
     if (isset($mod_include_data['current_area']) && $mod_include_data['current_area'] != 'index') {
         $context['linktree'][] = array('url' => $scripturl . '?action=moderate;area=' . $mod_include_data['current_area'], 'name' => $mod_include_data['label']);
     }
     // Add the subsection only when its title differs from the area label.
     if (!empty($mod_include_data['current_subsection']) && $mod_include_data['subsections'][$mod_include_data['current_subsection']][0] != $mod_include_data['label']) {
         $context['linktree'][] = array('url' => $scripturl . '?action=moderate;area=' . $mod_include_data['current_area'] . ';sa=' . $mod_include_data['current_subsection'], 'name' => $mod_include_data['subsections'][$mod_include_data['current_subsection']][0]);
     }
     // Finally, store this, so that if we're called from the class, it can use it.
     $this->_mod_include_data = $mod_include_data;
 }
 /**
  * Set up the context for the announce topic function (action=announce).
  * This function is called before the flow is redirected to action_selectgroup() or action_send().
  *
  * checks the topic announcement permissions and loads the announcement template.
  * requires the announce_topic permission.
  * uses the Announce template and Post language file.
  */
 public function pre_dispatch()
 {
     global $context, $txt, $topic;

     // Authorisation first, then session validation: both helpers run before any
     // announce-specific state is touched, and the order is kept exactly as it was.
     isAllowedTo('announce_topic');
     validateSession();

     // An announcement is always about a topic; without one there is nothing to do.
     // NOTE(review): this relies on fatal_lang_error() ending the request - confirm,
     // because the template below is loaded unconditionally after this check.
     if (!$topic) {
         fatal_lang_error('topic_gone', false);
     }

     // Language strings and template used by the announce screens.
     loadLanguage('Post');
     loadTemplate('Announce');

     $context['page_title'] = $txt['announce_topic'];
 }
 /**
  * @param $session_db		array('user_id' => id, 'current' => 'hash_of_current_time_on_db', 'expire' => 'hash_of_expire_at_on_db')
  * @param $current_time 		String of current DateTime
  * @return True 				if session between has_current_time and $hash_expire_at
  */
 public function isValidSession($session_db, $current_time)
 {
     // Resume the PHP session unless one is already active for this request.
     if (session_status() !== PHP_SESSION_ACTIVE) {
         session_start();
     }

     // NOTE(review): $user_id, $expire_at and $hash_expire_at are never assigned in this
     // method and $session_db is never read, so validateSession() receives undefined
     // values for three of its four arguments. Whether a session is accepted therefore
     // depends on how validateSession() treats those - confirm against its definition
     // and pass the fields of $session_db that the docblock describes.
     $session_ok = validateSession($user_id, $current_time, $expire_at, $hash_expire_at);

     if (!$session_ok) {
         // A failed check tears down the server-side session data.
         // NOTE(review): session_destroy() leaves $_SESSION and the session cookie in
         // place for the rest of the request; clear them too if callers go on to read
         // $_SESSION after a false return.
         session_destroy();
         return false;
     }

     return true;
 }
 /**
  * The main admin handling function.
  *
  * What it does:
  * - It initialises all the basic context required for the admin center.
  * - It passes execution onto the relevant admin section.
  * - If the passed section is not found it shows the admin home page.
  * - Accessed by ?action=admin.
  */
 public function action_index()
 {
     global $txt, $context, $scripturl, $modSettings, $settings;
     // Make sure the administrator has a valid session...
     // This is the first call in the method: nothing admin-related is loaded or built
     // before it. (What the check enforces is defined elsewhere - presumably a
     // re-authentication of the admin session; verify in validateSession().)
     validateSession();
     // Load the language and templates....
     loadLanguage('Admin');
     loadTemplate('Admin', 'admin');
     loadJavascriptFile('admin.js', array(), 'admin_script');
     // The Admin functions require Jquery UI ....
     $modSettings['jquery_include_ui'] = true;
     // No indexing evil stuff.
     $context['robot_no_index'] = true;
     // Need these to do much
     require_once SUBSDIR . '/Menu.subs.php';
     require_once SUBSDIR . '/Action.class.php';
     // Define the menu structure - see subs/Menu.subs.php for details!
     // Each section lists the permissions that may see it; each area names the controller
     // file, controller class and method to dispatch to, and may carry its own
     // 'permission' list and an 'enabled' flag driven by $modSettings / admin_features.
     // NOTE(review): 'permission' is an array for most areas but a plain string for
     // 'ban', 'sengines' and 'paidsubscribe' - confirm createMenu() accepts both forms,
     // since this table is what gates access to each admin area.
     $admin_areas = array('forum' => array('title' => $txt['admin_main'], 'permission' => array('admin_forum', 'manage_permissions', 'moderate_forum', 'manage_membergroups', 'manage_bans', 'send_mail', 'edit_news', 'manage_boards', 'manage_smileys', 'manage_attachments'), 'areas' => array('index' => array('label' => $txt['admin_center'], 'controller' => 'Admin_Controller', 'function' => 'action_home', 'icon' => 'transparent.png', 'class' => 'admin_img_administration'), 'credits' => array('label' => $txt['support_credits_title'], 'controller' => 'Admin_Controller', 'function' => 'action_credits', 'icon' => 'transparent.png', 'class' => 'admin_img_support'), 'maillist' => array('label' => $txt['mail_center'], 'file' => 'ManageMaillist.controller.php', 'controller' => 'ManageMaillist_Controller', 'function' => 'action_index', 'icon' => 'mail.png', 'class' => 'admin_img_mail', 'permission' => array('approve_emails', 'admin_forum'), 'enabled' => in_array('pe', $context['admin_features']), 'subsections' => array('emaillist' => array($txt['mm_emailerror'], 'approve_emails'), 'emailfilters' => array($txt['mm_emailfilters'], 'admin_forum'), 'emailparser' => array($txt['mm_emailparsers'], 'admin_forum'), 'emailtemplates' => array($txt['mm_emailtemplates'], 'approve_emails'), 'emailsettings' => array($txt['mm_emailsettings'], 'admin_forum'))), 'news' => array('label' => $txt['news_title'], 'file' => 'ManageNews.controller.php', 'controller' => 'ManageNews_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_news', 'permission' => array('edit_news', 'send_mail', 'admin_forum'), 'subsections' => array('editnews' => array($txt['admin_edit_news'], 'edit_news'), 'mailingmembers' => array($txt['admin_newsletters'], 'send_mail'), 'settings' => array($txt['settings'], 'admin_forum'))), 'packages' => array('label' => $txt['package'], 'file' => 'Packages.controller.php', 'controller' => 'Packages_Controller', 'function' => 'action_index', 
'permission' => array('admin_forum'), 'icon' => 'transparent.png', 'class' => 'admin_img_packages', 'subsections' => array('browse' => array($txt['browse_packages']), 'installed' => array($txt['installed_packages']), 'perms' => array($txt['package_file_perms']), 'options' => array($txt['package_settings']), 'servers' => array($txt['download_packages']), 'upload' => array($txt['upload_packages']))), 'packageservers' => array('label' => $txt['package_servers'], 'file' => 'PackageServers.controller.php', 'controller' => 'PackageServers_Controller', 'function' => 'action_index', 'permission' => array('admin_forum'), 'icon' => 'transparent.png', 'class' => 'admin_img_packages', 'hidden' => true), 'search' => array('controller' => 'Admin_Controller', 'function' => 'action_search', 'permission' => array('admin_forum'), 'select' => 'index'), 'adminlogoff' => array('controller' => 'Admin_Controller', 'function' => 'action_endsession', 'label' => $txt['admin_logoff'], 'enabled' => empty($modSettings['securityDisable']), 'icon' => 'transparent.png', 'class' => 'admin_img_exit'))), 'config' => array('title' => $txt['admin_config'], 'permission' => array('admin_forum'), 'areas' => array('corefeatures' => array('label' => $txt['core_settings_title'], 'file' => 'CoreFeatures.controller.php', 'controller' => 'CoreFeatures_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_corefeatures'), 'featuresettings' => array('label' => $txt['modSettings_title'], 'file' => 'ManageFeatures.controller.php', 'controller' => 'ManageFeatures_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_features', 'subsections' => array('basic' => array($txt['mods_cat_features']), 'layout' => array($txt['mods_cat_layout']), 'pmsettings' => array($txt['personal_messages']), 'karma' => array($txt['karma'], 'enabled' => in_array('k', $context['admin_features'])), 'likes' => array($txt['likes'], 'enabled' => in_array('l', 
$context['admin_features'])), 'mention' => array($txt['mention']), 'sig' => array($txt['signature_settings_short']), 'profile' => array($txt['custom_profile_shorttitle'], 'enabled' => in_array('cp', $context['admin_features'])))), 'serversettings' => array('label' => $txt['admin_server_settings'], 'file' => 'ManageServer.controller.php', 'controller' => 'ManageServer_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_server', 'subsections' => array('general' => array($txt['general_settings']), 'database' => array($txt['database_paths_settings']), 'cookie' => array($txt['cookies_sessions_settings']), 'cache' => array($txt['caching_settings']), 'loads' => array($txt['load_balancing_settings']), 'phpinfo' => array($txt['phpinfo_settings']))), 'securitysettings' => array('label' => $txt['admin_security_moderation'], 'file' => 'ManageSecurity.controller.php', 'controller' => 'ManageSecurity_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_security', 'subsections' => array('general' => array($txt['mods_cat_security_general']), 'spam' => array($txt['antispam_title']), 'badbehavior' => array($txt['badbehavior_title']), 'moderation' => array($txt['moderation_settings_short'], 'enabled' => !empty($modSettings['warning_enable'])))), 'theme' => array('label' => $txt['theme_admin'], 'file' => 'ManageThemes.controller.php', 'controller' => 'ManageThemes_Controller', 'function' => 'action_index', 'custom_url' => $scripturl . 
'?action=admin;area=theme', 'icon' => 'transparent.png', 'class' => 'admin_img_themes', 'subsections' => array('admin' => array($txt['themeadmin_admin_title']), 'list' => array($txt['themeadmin_list_title']), 'reset' => array($txt['themeadmin_reset_title']), 'themelist' => array($txt['themeadmin_edit_title'], 'active' => array('edit', 'browse')), 'edit' => array($txt['themeadmin_edit_title'], 'enabled' => false), 'browse' => array($txt['themeadmin_edit_title'], 'enabled' => false))), 'current_theme' => array('label' => $txt['theme_current_settings'], 'file' => 'ManageThemes.controller.php', 'controller' => 'ManageThemes_Controller', 'function' => 'action_index', 'custom_url' => $scripturl . '?action=admin;area=theme;sa=list;th=' . $settings['theme_id'], 'icon' => 'transparent.png', 'class' => 'admin_img_current_theme'), 'languages' => array('label' => $txt['language_configuration'], 'file' => 'ManageLanguages.controller.php', 'controller' => 'ManageLanguages_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_languages', 'subsections' => array('edit' => array($txt['language_edit']), 'settings' => array($txt['language_settings']))), 'addonsettings' => array('label' => $txt['admin_modifications'], 'file' => 'AddonSettings.controller.php', 'controller' => 'AddonSettings_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_modifications', 'subsections' => array('general' => array($txt['mods_cat_modifications_misc']))))), 'layout' => array('title' => $txt['layout_controls'], 'permission' => array('manage_boards', 'admin_forum', 'manage_smileys', 'manage_attachments', 'moderate_forum'), 'areas' => array('manageboards' => array('label' => $txt['admin_boards'], 'file' => 'ManageBoards.controller.php', 'controller' => 'ManageBoards_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_boards', 'permission' => array('manage_boards'), 'subsections' => 
array('main' => array($txt['boardsEdit']), 'newcat' => array($txt['mboards_new_cat']), 'settings' => array($txt['settings'], 'admin_forum'))), 'postsettings' => array('label' => $txt['manageposts'], 'file' => 'ManagePosts.controller.php', 'controller' => 'ManagePosts_Controller', 'function' => 'action_index', 'permission' => array('admin_forum'), 'icon' => 'transparent.png', 'class' => 'admin_img_posts', 'subsections' => array('posts' => array($txt['manageposts_settings']), 'bbc' => array($txt['manageposts_bbc_settings']), 'censor' => array($txt['admin_censored_words']), 'topics' => array($txt['manageposts_topic_settings']))), 'smileys' => array('label' => $txt['smileys_manage'], 'file' => 'ManageSmileys.controller.php', 'controller' => 'ManageSmileys_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_smiley', 'permission' => array('manage_smileys'), 'subsections' => array('editsets' => array($txt['smiley_sets']), 'addsmiley' => array($txt['smileys_add'], 'enabled' => !empty($modSettings['smiley_enable'])), 'editsmileys' => array($txt['smileys_edit'], 'enabled' => !empty($modSettings['smiley_enable'])), 'setorder' => array($txt['smileys_set_order'], 'enabled' => !empty($modSettings['smiley_enable'])), 'editicons' => array($txt['icons_edit_message_icons'], 'enabled' => !empty($modSettings['messageIcons_enable'])), 'settings' => array($txt['settings']))), 'manageattachments' => array('label' => $txt['attachments_avatars'], 'file' => 'ManageAttachments.controller.php', 'controller' => 'ManageAttachments_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_attachment', 'permission' => array('manage_attachments'), 'subsections' => array('browse' => array($txt['attachment_manager_browse']), 'attachments' => array($txt['attachment_manager_settings']), 'avatars' => array($txt['attachment_manager_avatar_settings']), 'attachpaths' => array($txt['attach_directories']), 'maintenance' => 
array($txt['attachment_manager_maintenance']))), 'managesearch' => array('label' => $txt['manage_search'], 'file' => 'ManageSearch.controller.php', 'controller' => 'ManageSearch_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_search', 'permission' => array('admin_forum'), 'subsections' => array('weights' => array($txt['search_weights']), 'method' => array($txt['search_method']), 'managesphinx' => array($txt['search_sphinx']), 'settings' => array($txt['settings']))), 'managecalendar' => array('label' => $txt['manage_calendar'], 'file' => 'ManageCalendar.controller.php', 'controller' => 'ManageCalendar_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_calendar', 'permission' => array('admin_forum'), 'enabled' => in_array('cd', $context['admin_features']), 'subsections' => array('holidays' => array($txt['manage_holidays'], 'admin_forum', 'enabled' => !empty($modSettings['cal_enabled'])), 'settings' => array($txt['calendar_settings'], 'admin_forum'))), 'managedrafts' => array('label' => $txt['manage_drafts'], 'file' => 'ManageDrafts.controller.php', 'controller' => 'ManageDrafts_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_logs', 'permission' => array('admin_forum'), 'enabled' => in_array('dr', $context['admin_features'])))), 'members' => array('title' => $txt['admin_manage_members'], 'permission' => array('moderate_forum', 'manage_membergroups', 'manage_bans', 'manage_permissions', 'admin_forum'), 'areas' => array('viewmembers' => array('label' => $txt['admin_users'], 'file' => 'ManageMembers.controller.php', 'controller' => 'ManageMembers_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_members', 'permission' => array('moderate_forum'), 'subsections' => array('all' => array($txt['view_all_members']), 'search' => array($txt['mlist_search']))), 'membergroups' => array('label' => 
$txt['admin_groups'], 'file' => 'ManageMembergroups.controller.php', 'controller' => 'ManageMembergroups_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_membergroups', 'permission' => array('manage_membergroups'), 'subsections' => array('index' => array($txt['membergroups_edit_groups'], 'manage_membergroups'), 'add' => array($txt['membergroups_new_group'], 'manage_membergroups'), 'settings' => array($txt['settings'], 'admin_forum'))), 'permissions' => array('label' => $txt['edit_permissions'], 'file' => 'ManagePermissions.controller.php', 'controller' => 'ManagePermissions_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_permissions', 'permission' => array('manage_permissions'), 'subsections' => array('index' => array($txt['permissions_groups'], 'manage_permissions'), 'board' => array($txt['permissions_boards'], 'manage_permissions'), 'profiles' => array($txt['permissions_profiles'], 'manage_permissions'), 'postmod' => array($txt['permissions_post_moderation'], 'manage_permissions', 'enabled' => $modSettings['postmod_active']), 'settings' => array($txt['settings'], 'admin_forum'))), 'ban' => array('label' => $txt['ban_title'], 'file' => 'ManageBans.controller.php', 'controller' => 'ManageBans_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_ban', 'permission' => 'manage_bans', 'subsections' => array('list' => array($txt['ban_edit_list']), 'add' => array($txt['ban_add_new']), 'browse' => array($txt['ban_trigger_browse']), 'log' => array($txt['ban_log']))), 'regcenter' => array('label' => $txt['registration_center'], 'file' => 'ManageRegistration.controller.php', 'controller' => 'ManageRegistration_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_regcenter', 'permission' => array('admin_forum', 'moderate_forum'), 'subsections' => array('register' => array($txt['admin_browse_register_new'], 
'moderate_forum'), 'agreement' => array($txt['registration_agreement'], 'admin_forum'), 'reservednames' => array($txt['admin_reserved_set'], 'admin_forum'), 'settings' => array($txt['settings'], 'admin_forum'))), 'sengines' => array('label' => $txt['search_engines'], 'enabled' => in_array('sp', $context['admin_features']), 'file' => 'ManageSearchEngines.controller.php', 'controller' => 'ManageSearchEngines_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_engines', 'permission' => 'admin_forum', 'subsections' => array('stats' => array($txt['spider_stats']), 'logs' => array($txt['spider_logs']), 'spiders' => array($txt['spiders']), 'settings' => array($txt['settings']))), 'paidsubscribe' => array('label' => $txt['paid_subscriptions'], 'enabled' => in_array('ps', $context['admin_features']), 'file' => 'ManagePaid.controller.php', 'controller' => 'ManagePaid_Controller', 'icon' => 'transparent.png', 'class' => 'admin_img_paid', 'function' => 'action_index', 'permission' => 'admin_forum', 'subsections' => array('view' => array($txt['paid_subs_view']), 'settings' => array($txt['settings']))))), 'maintenance' => array('title' => $txt['admin_maintenance'], 'permission' => array('admin_forum'), 'areas' => array('maintain' => array('label' => $txt['maintain_title'], 'file' => 'Maintenance.controller.php', 'controller' => 'Maintenance_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_maintain', 'subsections' => array('routine' => array($txt['maintain_sub_routine'], 'admin_forum'), 'database' => array($txt['maintain_sub_database'], 'admin_forum'), 'members' => array($txt['maintain_sub_members'], 'admin_forum'), 'topics' => array($txt['maintain_sub_topics'], 'admin_forum'), 'hooks' => array($txt['maintain_sub_hooks_list'], 'admin_forum'), 'attachments' => array($txt['maintain_sub_attachments'], 'admin_forum'))), 'logs' => array('label' => $txt['logs'], 'file' => 'AdminLog.controller.php', 
'controller' => 'AdminLog_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_logs', 'subsections' => array('errorlog' => array($txt['errlog'], 'admin_forum', 'enabled' => !empty($modSettings['enableErrorLogging']), 'url' => $scripturl . '?action=admin;area=logs;sa=errorlog;desc'), 'adminlog' => array($txt['admin_log'], 'admin_forum', 'enabled' => in_array('ml', $context['admin_features'])), 'modlog' => array($txt['moderation_log'], 'admin_forum', 'enabled' => in_array('ml', $context['admin_features'])), 'banlog' => array($txt['ban_log'], 'manage_bans'), 'spiderlog' => array($txt['spider_logs'], 'admin_forum', 'enabled' => in_array('sp', $context['admin_features'])), 'tasklog' => array($txt['scheduled_log'], 'admin_forum'), 'badbehaviorlog' => array($txt['badbehavior_log'], 'admin_forum', 'enabled' => !empty($modSettings['badbehavior_enabled']), 'url' => $scripturl . '?action=admin;area=logs;sa=badbehaviorlog;desc'), 'pruning' => array($txt['pruning_title'], 'admin_forum'))), 'scheduledtasks' => array('label' => $txt['maintain_tasks'], 'file' => 'ManageScheduledTasks.controller.php', 'controller' => 'ManageScheduledTasks_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_scheduled', 'subsections' => array('tasks' => array($txt['maintain_tasks'], 'admin_forum'), 'tasklog' => array($txt['scheduled_log'], 'admin_forum'))), 'mailqueue' => array('label' => $txt['mailqueue_title'], 'file' => 'ManageMail.controller.php', 'controller' => 'ManageMail_Controller', 'function' => 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_mail', 'subsections' => array('browse' => array($txt['mailqueue_browse'], 'admin_forum'), 'settings' => array($txt['mailqueue_settings'], 'admin_forum'))), 'reports' => array('enabled' => in_array('rg', $context['admin_features']), 'label' => $txt['generate_reports'], 'file' => 'Reports.controller.php', 'controller' => 'Reports_Controller', 'function' 
=> 'action_index', 'icon' => 'transparent.png', 'class' => 'admin_img_reports'), 'repairboards' => array('label' => $txt['admin_repair'], 'file' => 'RepairBoards.controller.php', 'controller' => 'RepairBoards_Controller', 'function' => 'action_repairboards', 'select' => 'maintain', 'hidden' => true))));
     // Any files to include for administration?
     // NOTE(review): presumably this includes every file registered under the
     // 'integrate_admin_include' hook, so whoever can write that registration decides
     // what code runs in the admin context - confirm how the hook list is stored.
     call_integration_include_hook('integrate_admin_include');
     $menuOptions = array('hook' => 'admin', 'default_include_dir' => ADMINDIR);
     // Actually create the menu!
     $admin_include_data = createMenu($admin_areas, $menuOptions);
     unset($admin_areas);
     // Nothing valid?
     // A falsy result from createMenu() is treated as "no access" for the current user.
     if ($admin_include_data == false) {
         fatal_lang_error('no_access', false);
     }
     // Build the link tree.
     $context['linktree'][] = array('url' => $scripturl . '?action=admin', 'name' => $txt['admin_center']);
     // NOTE(review): the two breadcrumb URLs below carry session_var=session_id in the
     // query string, so that value ends up in browser history, proxy/server logs and
     // Referer headers. Confirm it is a per-session anti-CSRF token and not the value
     // of the session cookie itself.
     if (isset($admin_include_data['current_area']) && $admin_include_data['current_area'] != 'index') {
         $context['linktree'][] = array('url' => $scripturl . '?action=admin;area=' . $admin_include_data['current_area'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'name' => $admin_include_data['label']);
     }
     if (!empty($admin_include_data['current_subsection']) && $admin_include_data['subsections'][$admin_include_data['current_subsection']][0] != $admin_include_data['label']) {
         $context['linktree'][] = array('url' => $scripturl . '?action=admin;area=' . $admin_include_data['current_area'] . ';sa=' . $admin_include_data['current_subsection'] . ';' . $context['session_var'] . '=' . $context['session_id'], 'name' => $admin_include_data['subsections'][$admin_include_data['current_subsection']][0]);
     }
     // Make a note of the Unique ID for this menu.
     $context['admin_menu_id'] = $context['max_menu_id'];
     $context['admin_menu_name'] = 'menu_data_' . $context['admin_menu_id'];
     // Where in the admin are we?
     $context['admin_area'] = $admin_include_data['current_area'];
     // Now - finally - call the right place!
     // The path required here is whatever createMenu() returned for the selected area.
     // NOTE(review): with the 'admin' hook passed in $menuOptions the returned entry may
     // not be one of the literals above - verify that createMenu() only ever yields
     // paths from trusted menu definitions, never from request data.
     if (isset($admin_include_data['file'])) {
         require_once $admin_include_data['file'];
     }
     callMenu($admin_include_data);
 }
Exemple #7
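/**
 * XML endpoint that toggles a core feature and reports the outcome.
 *
 * Fills $context['xml_data'] with three lists: the feature that was changed,
 * a fresh 'admin-core' token pair for the next request, and any errors.
 * The change itself is made by ModifyCoreFeatures(); this function only runs
 * it when the user has 'admin_forum' and validateSession() returns an empty result.
 */
function EnableCoreFeatures()
{
    // $boarddir and $settings are needed by the path substitution below; without them
    // in scope the '$boarddir' and '$themedir' placeholders expanded to nothing.
    global $context, $smcFunc, $sourcedir, $modSettings, $txt, $boarddir, $settings;
    $context['xml_data'] = array();
    // Just in case, maybe we don't need it
    loadLanguage('Errors');
    // We need (at least) this to ensure that mod files are included.
    // NOTE(review): every path in this setting is executed via require_once before the
    // permission check further down, so write access to 'integrate_admin_include' is
    // equivalent to code execution - confirm only trusted installers can set it.
    if (!empty($modSettings['integrate_admin_include'])) {
        $admin_includes = explode(',', $modSettings['integrate_admin_include']);
        $placeholders = array(
            '$boarddir' => $boarddir,
            '$sourcedir' => $sourcedir,
            '$themedir' => isset($settings['theme_dir']) ? $settings['theme_dir'] : '',
        );
        foreach ($admin_includes as $include) {
            $include = strtr(trim($include), $placeholders);
            if (file_exists($include)) {
                require_once $include;
            }
        }
    }
    $errors = array();
    $returns = array();
    $tokens = array();
    if (allowedTo('admin_forum')) {
        // An empty result means the session check passed; anything else is used as a $txt key.
        $validation = validateSession();
        if (empty($validation)) {
            require_once $sourcedir . '/ManageSettings.php';
            $result = ModifyCoreFeatures();
            if (empty($result)) {
                // Accept only a plain string: an array-valued feature_id (feature_id[]=x)
                // would otherwise be used as an array offset and in string concatenation.
                $id = isset($_POST['feature_id']) && is_string($_POST['feature_id']) ? $_POST['feature_id'] : '';
                // The posted id is only ever used as a lookup key into the known features.
                if (!empty($id) && isset($context['features'][$id])) {
                    $feature = $context['features'][$id];
                    // NOTE(review): url and title are emitted as markup without escaping;
                    // this assumes $context['features'] holds only trusted, already-safe
                    // values - confirm where ModifyCoreFeatures() fills it.
                    $returns[] = array('value' => !empty($_POST['feature_' . $id]) && $feature['url'] ? '<a href="' . $feature['url'] . '">' . $feature['title'] . '</a>' : $feature['title']);
                    // Hand the client a new token for its next state-changing request.
                    createToken('admin-core', 'post');
                    $tokens = array(array('value' => $context['admin-core_token'], 'attributes' => array('type' => 'token_var')), array('value' => $context['admin-core_token_var'], 'attributes' => array('type' => 'token')));
                } else {
                    $errors[] = array('value' => $txt['feature_no_exists']);
                }
            } else {
                $errors[] = array('value' => $txt[$result]);
            }
        } else {
            $errors[] = array('value' => $txt[$validation]);
        }
    } else {
        $errors[] = array('value' => $txt['cannot_admin_forum']);
    }
    $context['sub_template'] = 'generic_xml';
    $context['xml_data'] = array('corefeatures' => array('identifier' => 'corefeature', 'children' => $returns), 'tokens' => array('identifier' => 'token', 'children' => $tokens), 'errors' => array('identifier' => 'error', 'children' => $errors));
}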
Exemple #8
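/**
 * Handle an HTTP GET request by reporting whether the caller has a valid session.
 *
 * Answers 200 when validateSession() accepts the current session. Otherwise, if the
 * request carries a well-formed "sid" header, the session with that id is opened
 * and validated once more. Every other case is answered with 401.
 *
 * @param array $requestData the requested data (not used by this handler)
 */
function get(array $requestData)
{
    $logger = Logger::getLogger(basename(__FILE__));
    if (validateSession()) {
        $logger->info("Session is valid.");
        header(HTTP_VERSION . ' ' . HTTP_200);
        return;
    }

    // HTTP header names are case-insensitive and getallheaders() keeps the case the
    // client sent, so normalise the keys before looking for "sid".
    $rawHeaders = getallheaders();
    $headers = is_array($rawHeaders) ? array_change_key_case($rawHeaders, CASE_LOWER) : array();
    $sid = isset($headers['sid']) ? $headers['sid'] : null;

    // Only hand PHP an id made of the characters it accepts for session ids; anything
    // else would make session_id()/session_start() fail with a warning.
    if (is_string($sid) && preg_match('/^[A-Za-z0-9,-]{1,256}$/', $sid) === 1) {
        // NOTE(review): the id is chosen by the client. Unless session.use_strict_mode
        // is enabled PHP will create a session under an id it has never issued, so the
        // decision rests entirely on validateSession() rejecting sessions that hold no
        // authenticated state - confirm that it does, and that ids are regenerated at login.
        session_write_close();
        session_id($sid);
        session_start();
        if (validateSession()) {
            header(HTTP_VERSION . ' ' . HTTP_200);
            return;
        }
    }

    $logger->info("Session is invalid.");
    header(HTTP_VERSION . ' ' . HTTP_401);
}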
Exemple #9
<?php

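// Deletes one row from Auto after the logged-in user confirmed the action.
// NOTE(review): the ext/mysql functions used here were removed in PHP 7; the fixes
// below keep that API because the included helper files presumably share the default
// connection. Moving the whole script to PDO or mysqli prepared statements is the
// durable fix.
session_start();
require "../mysql_config.php";
require "getLists.php";
mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die('Could not connect to MySQL server.');
mysql_select_db(DB_DATABASE);
// mysql_set_charset() also tells the client library which charset is in use, which
// mysql_real_escape_string() relies on; a bare "SET NAMES" query does not.
mysql_set_charset('utf8');
validateSession("../admin/autos.php");
// NOTE(review): the delete is triggered by a plain GET with confirm=1 and no anti-CSRF
// token, so any page the admin visits can issue it. It should become a POST carrying
// a per-session token.
if (isset($_GET["confirm"]) && $_GET["confirm"] === '1') {
    // The session user must be listed as an admin. The value is escaped and compared
    // with '=' so that '%' and '_' in an e-mail address are not treated as wildcards.
    $username = isset($_SESSION["username"]) && is_string($_SESSION["username"]) ? $_SESSION["username"] : '';
    $abfrage = "SELECT personenid, adminid FROM Person, Admin WHERE email = '" . mysql_real_escape_string($username) . "' AND personenid=adminid;";
    $ergebnis = mysql_query($abfrage);
    if ($ergebnis === false || mysql_num_rows($ergebnis) == 0) {
        // Stop here: without exit the script carried on and ran the DELETE below
        // even for users who failed the admin check.
        header('Location: ../admin/autos.php');
        exit;
    }
    // The id comes straight from the query string; escape it before it reaches SQL.
    $id = isset($_GET["id"]) && is_scalar($_GET["id"]) ? (string) $_GET["id"] : '';
    $abfrage = "DELETE FROM Auto WHERE id='" . mysql_real_escape_string($id) . "'";
    mysql_query($abfrage);
    header("Location: ../admin/autos.php");
    exit;
}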
?>

<script type="text/javascript">
	var txt;
	var r = confirm("Das Auto wird jetzt gel\u00f6scht!");
	if (r == true) {
		window.location = window.location.href+"&confirm=1";
	} else {
		window.location = "../admin/autos.php";
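/**
 * Return the values of one picklist for the given portal user.
 *
 * @param string $username  user the session belongs to
 * @param string $sessionid session id checked by validateSession()
 * @param string $tablename picklist name; used both as the column name and, with the
 *                          "vtiger_" prefix, as the table name
 * @return array|null list of picklist values, array('Not Accessible') when the user
 *                    may not read the picklist or the name is not a plain identifier,
 *                    null when the session is invalid
 */
function GetPicklistValues($username, $sessionid, $tablename)
{
    global $current_user, $log, $adb;
    if (!validateSession($username, $sessionid)) {
        return null;
    }
    // $tablename ends up in the query as an identifier, where string escaping offers no
    // protection, so accept nothing but letters, digits and underscores. A rejected
    // name gets the same answer as a picklist the caller may not read.
    if (!is_string($tablename) || preg_match('/^[A-Za-z0-9_]+$/', $tablename) !== 1) {
        return array('Not Accessible');
    }
    $picklist_table = 'vtiger_' . $tablename;

    require_once "modules/Users/Users.php";
    $seed_user = new Users();
    $user_id = $seed_user->retrieve_user_id($username);
    $current_user = $seed_user;
    $current_user->retrieve_entity_info($user_id, 'Users');
    require_once "include/utils/UserInfoUtil.php";
    $roleid = fetchUserRole($user_id);
    // The per-user privileges file is expected to define $is_admin and
    // $profileGlobalPermission, which are read below.
    checkFileAccessForInclusion('user_privileges/user_privileges_' . $current_user->id . '.php');
    require 'user_privileges/user_privileges_' . $current_user->id . '.php';

    // Start from an empty list so that a picklist without rows returns array()
    // instead of an undefined variable.
    $output = array();
    if ($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0) {
        $query = "select " . $tablename . " from " . $picklist_table;
        $result1 = $adb->pquery($query, array());
        $row_count = $adb->num_rows($result1);
        for ($i = 0; $i < $row_count; $i++) {
            $output[$i] = decode_html($adb->query_result($result1, $i, $tablename));
        }
    } elseif (isPermitted("HelpDesk", "EditView") == "yes" && CheckFieldPermission($tablename, 'HelpDesk') == 'true') {
        // Restrict the values to those mapped to the user's role; the role id is bound.
        $query = "select " . $tablename . " from " . $picklist_table . " inner join vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = " . $picklist_table . ".picklist_valueid where roleid=? and picklistid in (select picklistid from " . $picklist_table . " ) order by sortid";
        $result1 = $adb->pquery($query, array($roleid));
        $row_count = $adb->num_rows($result1);
        for ($i = 0; $i < $row_count; $i++) {
            $output[$i] = decode_html($adb->query_result($result1, $i, $tablename));
        }
    } else {
        $output[] = 'Not Accessible';
    }
    return $output;
}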
Exemple #11
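/**
 * Build the customer-portal listing of services related to a contact.
 *
 * Up to three queries are run (direct relations, services on quotes, services
 * on invoices); each produces one entry in the returned array, keyed by query
 * index and then by $modulename, holding a 'head' row of translated labels and
 * a 'data' matrix of field values.
 *
 * @param int|string $id         Portal contact id; cast to int before use.
 * @param string     $modulename Module name checked with checkModuleActive() and used as output key.
 * @param string     $sessionid  Session identifier checked by validateSession().
 * @param string     $only_mine  'true' to restrict the listing to the contact itself.
 *
 * @return array|null array("#MODULE INACTIVE#") when the module is inactive,
 *                    null when validateSession() rejects the session,
 *                    otherwise the per-query output described above.
 */
function get_service_list_values($id, $modulename, $sessionid, $only_mine = 'true')
{
    require_once 'modules/Services/Services.php';
    require_once 'include/utils/UserInfoUtil.php';
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');
    $log->debug("Entering customer portal Function get_service_list_values");
    // NOTE(review): the module-active answer is returned before the session is
    // validated, so it is visible to callers without a valid session.
    $check = checkModuleActive($modulename);
    if ($check == false) {
        return array("#MODULE INACTIVE#");
    }
    $user = new Users();
    $userid = getPortalUserid();
    $current_user = $user->retrieveCurrentUserInfoFromFile($userid);
    // The id is cast to int here and is only ever passed as a bound parameter.
    $id = (int) vtlib_purify($id);
    $entity_ids_list = array();
    $show_all = show_all($modulename);
    if (!validateSession($id, $sessionid)) {
        return null;
    }
    if ($only_mine == 'true' || $show_all == 'false') {
        array_push($entity_ids_list, $id);
    } else {
        // Collect the contact, its parent account and the other contacts that
        // share that parent.
        $contactquery = "SELECT contactid, parentid FROM vtiger_contactdetails " . " INNER JOIN vtiger_crmentity ON vtiger_crmentity.crmid = vtiger_contactdetails.contactid" . " AND vtiger_crmentity.deleted = 0 " . " WHERE (parentid = (SELECT parentid FROM vtiger_contactdetails WHERE contactid = ?)  AND parentid != 0) OR contactid = ?";
        $contactres = $adb->pquery($contactquery, array($id, $id));
        $no_of_cont = $adb->num_rows($contactres);
        for ($i = 0; $i < $no_of_cont; $i++) {
            $cont_id = $adb->query_result($contactres, $i, 'contactid');
            $acc_id = $adb->query_result($contactres, $i, 'parentid');
            if (!in_array($cont_id, $entity_ids_list)) {
                $entity_ids_list[] = $cont_id;
            }
            if (!in_array($acc_id, $entity_ids_list) && $acc_id != '0') {
                $entity_ids_list[] = $acc_id;
            }
        }
    }
    $focus = new Services();
    $focus->filterInactiveFields('Services');
    // Flatten list_fields (label => [table => column]) into label => column.
    $fields_list = array();
    foreach ($focus->list_fields as $fieldlabel => $values) {
        foreach ($values as $table => $fieldname) {
            $fields_list[$fieldlabel] = $fieldname;
        }
    }
    $fields_list['Related To'] = 'entityid';
    // $query[$k] and $params[$k] belong together; every id list passed in
    // $params[$k] must match one generateQuestionMarks() group in $query[$k].
    $query = array();
    $params = array();
    $query[] = "select vtiger_service.*," . "case when vtiger_crmentityrel.crmid != vtiger_service.serviceid then vtiger_crmentityrel.crmid else vtiger_crmentityrel.relcrmid end as entityid, " . "'' as setype from vtiger_service " . "inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_service.serviceid " . "left join vtiger_crmentityrel on (vtiger_crmentityrel.relcrmid=vtiger_service.serviceid or vtiger_crmentityrel.crmid=vtiger_service.serviceid) " . "where vtiger_crmentity.deleted = 0 and " . "( vtiger_crmentityrel.crmid in (" . generateQuestionMarks($entity_ids_list) . ") OR " . "(vtiger_crmentityrel.relcrmid in (" . generateQuestionMarks($entity_ids_list) . ") AND vtiger_crmentityrel.module = 'Services')" . ")";
    $params[] = array($entity_ids_list, $entity_ids_list);
    $checkQuotes = checkModuleActive('Quotes');
    if ($checkQuotes == true) {
        $query[] = "select distinct vtiger_service.*,\n\t\t\tvtiger_quotes.accountid as entityid,\n\t\t\t'Accounts' as setype\n\t\t\tfrom vtiger_quotes INNER join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_quotes.quoteid\n\t\t\tleft join vtiger_inventoryproductrel on vtiger_inventoryproductrel.id=vtiger_quotes.quoteid\n\t\t\tleft join vtiger_service on vtiger_service.serviceid = vtiger_inventoryproductrel.productid\n\t\t\twhere vtiger_inventoryproductrel.productid = vtiger_service.serviceid AND vtiger_crmentity.deleted=0 and accountid in  (" . generateQuestionMarks($entity_ids_list) . ")";
        $params[] = array($entity_ids_list);
    }
    $checkInvoices = checkModuleActive('Invoice');
    if ($checkInvoices == true) {
        $query[] = "select distinct vtiger_service.*, vtiger_invoice.accountid as entityid, 'Accounts' as setype\n\t\t\tfrom vtiger_invoice\n\t\t\tINNER join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_invoice.invoiceid\n\t\t\tleft join vtiger_inventoryproductrel on vtiger_inventoryproductrel.id=vtiger_invoice.invoiceid\n\t\t\tleft join vtiger_service on vtiger_service.serviceid = vtiger_inventoryproductrel.productid\n\t\t\twhere vtiger_inventoryproductrel.productid = vtiger_service.serviceid AND vtiger_crmentity.deleted=0 and accountid in (" . generateQuestionMarks($entity_ids_list) . ")";
        // This query has a single placeholder group, so it takes the id list
        // once (it used to be passed twice, leaving surplus bound values).
        $params[] = array($entity_ids_list);
    }
    // Look up the field visibility once per field rather than once per row.
    $ServicesfieldVisibilityPermissions = array();
    foreach ($fields_list as $fieldlabel => $fieldname) {
        $ServicesfieldVisibilityPermissions[$fieldname] = getFieldVisibilityPermission('Services', $current_user->id, $fieldname);
    }
    $fieldValuesToRound = array('unit_price', 'commissionrate');
    $output = array();
    for ($k = 0; $k < count($query); $k++) {
        $res[$k] = $adb->pquery($query[$k], $params[$k]);
        $noofdata[$k] = $adb->num_rows($res[$k]);
        if ($noofdata[$k] == 0) {
            $output[$k][$modulename]['data'] = '';
        }
        for ($j = 0; $j < $noofdata[$k]; $j++) {
            $i = 0;
            foreach ($fields_list as $fieldlabel => $fieldname) {
                $fieldper = $ServicesfieldVisibilityPermissions[$fieldname];
                // A permission value of '1' hides the field; the synthetic
                // 'entityid' column is always shown.
                if ($fieldper == '1' && $fieldname != 'entityid') {
                    continue;
                }
                $output[$k][$modulename]['head'][0][$i]['fielddata'] = Vtiger_Language_Handler::getTranslatedString($fieldlabel, 'Services', vglobal('default_language'));
                $fieldvalue = $adb->query_result($res[$k], $j, $fieldname);
                $fieldid = $adb->query_result($res[$k], $j, 'serviceid');
                if (in_array($fieldname, $fieldValuesToRound)) {
                    $fieldvalue = round($fieldvalue, 2);
                }
                // NOTE(review): the anchors below concatenate record names and
                // field values into HTML without escaping at this point.
                // Confirm that query_result()/getEntityName() return
                // HTML-encoded text, or that the portal encodes on output.
                if ($fieldname == 'entityid') {
                    $crmid = $fieldvalue;
                    $module = $adb->query_result($res[$k], $j, 'setype');
                    if ($module == '') {
                        $module = $adb->query_result($adb->pquery("SELECT setype FROM vtiger_crmentity WHERE crmid = ?", array($crmid)), 0, 'setype');
                    }
                    if ($crmid != '' && $module != '') {
                        $fieldvalues = getEntityName($module, array($crmid));
                        if ($module == 'Contacts') {
                            $fieldvalue = '<a href="index.php?module=Contacts&action=index&id=' . $crmid . '">' . $fieldvalues[$crmid] . '</a>';
                        } elseif ($module == 'Accounts') {
                            $fieldvalue = '<a href="index.php?module=Accounts&action=index&id=' . $crmid . '">' . $fieldvalues[$crmid] . '</a>';
                        }
                    } else {
                        $fieldvalue = '';
                    }
                }
                if ($fieldname == 'servicename') {
                    $fieldvalue = '<a href="index.php?module=Services&action=index&id=' . $fieldid . '">' . $fieldvalue . '</a>';
                }
                if ($fieldname == 'unit_price') {
                    $sym = getCurrencySymbol($res[$k], $j, 'currency_id');
                    $fieldvalue = $sym . $fieldvalue;
                }
                $output[$k][$modulename]['data'][$j][$i]['fielddata'] = $fieldvalue;
                $i++;
            }
        }
    }
    // The exit message used to name get_product_list_values, which made the
    // debug trace point at the wrong function.
    $log->debug("Exiting customerportal function get_service_list_values.....");
    return $output;
}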
Exemple #12
/**
 * Mark a calendar activity as deleted on behalf of a web-service caller.
 *
 * NOTE(review): the only gate visible here is validateSession(); nothing in
 * this function checks that the authenticated user may delete the record
 * identified by $crmid. Confirm that mark_deleted() or the caller enforces
 * record-level permission.
 *
 * @param string $username Login name; checked by validateSession() and used to load the user.
 * @param string $session  Session identifier checked by validateSession().
 * @param mixed  $crmid    Id of the activity to mark as deleted.
 *
 * @return mixed|null The activity id after deletion, or null when the session is rejected.
 */
function DeleteClndr($username, $session, $crmid)
{
    global $current_user;
    if (validateSession($username, $session)) {
        require_once 'modules/Users/Users.php';
        require_once 'modules/Calendar/Activity.php';
        // Load the calling user into the global the rest of the code reads.
        $caller = new Users();
        $caller_id = $caller->retrieve_user_id($username);
        $current_user = $caller;
        $current_user->retrieve_entity_info($caller_id, "Users");
        $activity = new Activity();
        $activity->id = $crmid;
        $activity->mark_deleted($activity->id);
        return $activity->id;
    }
    return null;
}
Exemple #13
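/**
 * Prepare the TinyPortal admin menu in $context and validate the admin session.
 *
 * Fills $context['admin_header'] and $context['admin_tabs'] according to the
 * tp_* permissions, loads every row of {db_prefix}tp_modules into
 * $context['TPortal']['admmodules'], then calls TPsetupAdminAreas() and
 * validateSession().
 *
 * NOTE(review): validateSession() runs last, after the menu is built and the
 * module table is read. Nothing here writes data, but confirm that callers do
 * not act on the request before this function returns.
 *
 * @param string $tpsub        Current sub-action, used to flag the selected tab.
 * @param bool   $module_admin When true, $_GET['action'] is forced to 'tpadmin'.
 *
 * @return void
 */
function TPadminIndex($tpsub = '', $module_admin = false)
{
    global $txt, $context, $scripturl, $smcFunc;
    // Fall back to English when the admin language file is missing.
    if (loadLanguage('TPortalAdmin') == false) {
        loadLanguage('TPortalAdmin', 'english');
    }
    if ($module_admin) {
        // make sure tpadmin is still active
        $_GET['action'] = 'tpadmin';
    }
    $context['admin_tabs'] = array();
    $context['admin_header']['tp_news'] = $txt['tp-adminnews1'];
    $context['admin_header']['tp_settings'] = $txt['tp-adminheader1'];
    $context['admin_header']['tp_articles'] = $txt['tp-articles'];
    $context['admin_header']['tp_blocks'] = $txt['tp-adminpanels'];
    $context['admin_header']['tp_modules'] = $txt['tp-modules'];
    $context['admin_header']['tp_menubox'] = $txt['tp-menumanager'];
    $context['admin_header']['custom_modules'] = $txt['custom_modules'];
    if (allowedTo('tp_settings')) {
        $context['admin_tabs']['tp_news'] = array(
            'news' => array(
                'title' => $txt['tp-adminnews1'],
                'description' => $txt['tp-adminnews2'],
                'href' => $scripturl . '?action=tpadmin;sa=news',
                'is_selected' => $tpsub == 'news',
            ),
        );
    }
    if (allowedTo('tp_settings')) {
        $context['admin_tabs']['tp_settings'] = array(
            'settings' => array(
                'title' => $txt['tp-settings'],
                'description' => $txt['tp-settingdesc1'],
                'href' => $scripturl . '?action=tpadmin;sa=settings',
                'is_selected' => $tpsub == 'settings',
            ),
            'frontpage' => array(
                'title' => $txt['tp-frontpage'],
                'description' => $txt['tp-frontpagedesc1'],
                'href' => $scripturl . '?action=tpadmin;sa=frontpage',
                'is_selected' => $tpsub == 'frontpage',
            ),
        );
    }
    if (allowedTo('tp_articles')) {
        // The comparison belongs to the counter itself; it used to be applied
        // to the boolean result of the whole isset() && ... expression.
        $has_submissions = isset($context['TPortal']['submissions']) && $context['TPortal']['submissions'] > 0;
        $context['admin_tabs']['tp_articles'] = array(
            'articles' => array(
                'title' => $txt['tp-articles'],
                'description' => $txt['tp-articledesc1'],
                'href' => $scripturl . '?action=tpadmin;sa=articles',
                'is_selected' => substr($tpsub, 0, 11) == 'editarticle' || in_array($tpsub, array('articles', 'addarticle', 'addarticle_php', 'addarticle_bbc', 'addarticle_import', 'strays')),
            ),
            'categories' => array(
                'title' => $txt['tp-tabs5'],
                'description' => $txt['tp-articledesc2'],
                'href' => $scripturl . '?action=tpadmin;sa=categories',
                'is_selected' => in_array($tpsub, array('categories', 'addcategory', 'clist')),
            ),
            'artsettings' => array(
                'title' => $txt['tp-settings'],
                'description' => $txt['tp-articledesc3'],
                'href' => $scripturl . '?action=tpadmin;sa=artsettings',
                'is_selected' => $tpsub == 'artsettings',
            ),
            'submission' => array(
                'title' => $has_submissions ? $txt['tp-tabs4'] . ' [' . $context['TPortal']['submissions'] . ']' : $txt['tp-tabs4'],
                'description' => $txt['tp-articledesc4'],
                'href' => $scripturl . '?action=tpadmin;sa=submission',
                'is_selected' => $tpsub == 'submission',
            ),
            'icons' => array(
                'title' => $txt['tp-adminicons'],
                'description' => $txt['tp-articledesc5'],
                'href' => $scripturl . '?action=tpadmin;sa=articons',
                'is_selected' => $tpsub == 'articons',
            ),
        );
    }
    if (allowedTo('tp_blocks')) {
        $context['admin_tabs']['tp_blocks'] = array(
            'panelsettings' => array(
                'title' => $txt['tp-allpanels'],
                'description' => $txt['tp-paneldesc1'],
                'href' => $scripturl . '?action=tpadmin;sa=panels',
                'is_selected' => $tpsub == 'panels',
            ),
            'blocks' => array(
                'title' => $txt['tp-allblocks'],
                'description' => $txt['tp-blocksdesc1'],
                'href' => $scripturl . '?action=tpadmin;sa=blocks',
                'is_selected' => $tpsub == 'blocks' && !isset($_GET['latest']) && !isset($_GET['overview']),
            ),
            'blockoverview' => array(
                'title' => $txt['tp-blockoverview'],
                'description' => '',
                'href' => $scripturl . '?action=tpadmin;sa=blocks;overview',
                'is_selected' => $tpsub == 'blocks' && isset($_GET['overview']),
            ),
        );
    }
    if (allowedTo('tp_settings')) {
        $context['admin_tabs']['tp_modules'] = array(
            'modules' => array(
                'title' => $txt['tp-modules'],
                'description' => $txt['tp-moduledesc1'],
                'href' => $scripturl . '?action=tpadmin;sa=modules',
                'is_selected' => $tpsub == 'modules' && !isset($_GET['import']) && !isset($_GET['tags']),
            ),
        );
    }
    // collect modules and their permissions
    $result = $smcFunc['db_query']('', '
		SELECT * FROM {db_prefix}tp_modules 
		WHERE 1', array());
    while ($row = $smcFunc['db_fetch_assoc']($result)) {
        $context['TPortal']['admmodules'][] = $row;
    }
    // Release the result set even when it is empty; it used to be freed only
    // when at least one row came back.
    $smcFunc['db_free_result']($result);
    if (allowedTo('tp_blocks')) {
        // $_GET['mid'] is only copied into the link when it is numeric.
        $context['admin_tabs']['tp_menubox'] = array(
            'menubox' => array(
                'title' => $txt['tp-menumanager'],
                'description' => '',
                'href' => $scripturl . '?action=tpadmin;sa=menubox',
                'is_selected' => in_array($tpsub, array('menubox', 'linkmanager')),
            ),
            'addmenu' => array(
                'title' => isset($_GET['mid']) ? $txt['tp-addmenuitem'] : $txt['tp-addmenu'],
                'description' => '',
                'href' => isset($_GET['mid']) && is_numeric($_GET['mid']) ? $scripturl . '?action=tpadmin;sa=addmenu;mid=' . $_GET['mid'] : $scripturl . '?action=tpadmin;sa=addmenu;fullmenu',
                'is_selected' => in_array($tpsub, array('addmenu')),
            ),
        );
    }
    TPsetupAdminAreas();
    validateSession();
}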
Exemple #14
/**
 * Validate the session of the given user and hand back the global user object.
 *
 * The status returned by validateSession() is compared with
 * $LNG->CORE_SESSION_OK; any other status is wrapped in an error object.
 *
 * NOTE(review): callers must check the type of the return value, since both
 * the success and the failure path return an object.
 *
 * @param string $userid
 * @return User or Error
 */
function validateUserSession($userid)
{
    global $USER, $LNG;
    $sessionStatus = validateSession($userid);
    if (strcmp($sessionStatus, $LNG->CORE_SESSION_OK) == 0) {
        // Session accepted: return the global user object.
        return $USER;
    }
    $sessionError = new error();
    $sessionError->createValidateSessionError($sessionStatus);
    return $sessionError;
}
Exemple #15
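/**
 * Save the changes submitted from a profile-editing form.
 *
 * Steps, in order: check that the requested sub-action is known, verify the
 * session token with checkSession(), normalise $_POST, load the member being
 * edited, require validateSession() when editing someone else, check the
 * permission for the sub-action, verify the current password for sub-actions
 * that demand it, run the sub-action, then either re-display the form with
 * errors or store the changes and redirect.
 *
 * Reads $_REQUEST['sa'], $_REQUEST['userID'] and $_POST. Returns the result of
 * ModifyProfile() when there are errors, returns nothing after a reactivation
 * mail has been sent, and otherwise ends in redirectexit().
 */
function ModifyProfile2()
{
    global $txt, $modSettings;
    global $cookiename, $context;
    global $sourcedir, $scripturl, $db_prefix;
    global $ID_MEMBER, $user_info;
    global $context, $newpassemail, $user_profile, $validationCode;
    loadLanguage('Profile');
    /* Set allowed sub-actions.

    	 The format of $sa_allowed is as follows:

    	$sa_allowed = array(
    		'sub-action' => array(permission_array_for_editing_OWN_profile, permission_array_for_editing_ANY_profile, session_validation_method[, require_password]),
    		...
    	);

    	*/
    $sa_allowed = array('account' => array(array('manage_membergroups', 'profile_identity_any', 'profile_identity_own'), array('manage_membergroups', 'profile_identity_any'), 'post', true), 'forumProfile' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'), 'theme' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'), 'notification' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'), 'pmprefs' => array(array('profile_extra_any', 'profile_extra_own'), array('profile_extra_any'), 'post'), 'deleteAccount' => array(array('profile_remove_any', 'profile_remove_own'), array('profile_remove_any'), 'post', true), 'activateAccount' => array(array(), array('moderate_forum'), 'get'));
    // Is the current sub-action allowed? Unknown values stop the request here,
    // so every later $sa_allowed[$_REQUEST['sa']] lookup hits a known key.
    if (empty($_REQUEST['sa']) || !isset($sa_allowed[$_REQUEST['sa']])) {
        fatal_lang_error(453, false);
    }
    // Verify the session token through the channel ('post' or 'get') that the
    // sub-action declares.
    checkSession($sa_allowed[$_REQUEST['sa']][2]);
    // Start with no updates and no errors.
    $profile_vars = array();
    $post_errors = array();
    // Normally, don't send an email.
    $newpassemail = false;
    // Clean up the POST variables: trimmed, HTML-encoded and slash-escaped.
    $_POST = htmltrim__recursive($_POST);
    $_POST = stripslashes__recursive($_POST);
    $_POST = htmlspecialchars__recursive($_POST);
    $_POST = addslashes__recursive($_POST);
    // Search for the member being edited and put the information in $user_profile.
    $memberResult = loadMemberData((int) $_REQUEST['userID'], false, 'profile');
    if (!is_array($memberResult)) {
        fatal_lang_error(453, false);
    }
    list($memID) = $memberResult;
    // Are you modifying your own, or someone else's?
    if ($ID_MEMBER == $memID) {
        $context['user']['is_owner'] = true;
    } else {
        $context['user']['is_owner'] = false;
        // Editing another member additionally requires validateSession().
        validateSession();
    }
    // Check profile editing permissions (index 0: own profile, 1: any profile).
    isAllowedTo($sa_allowed[$_REQUEST['sa']][$context['user']['is_owner'] ? 0 : 1]);
    // If this is yours, check the password.
    if ($context['user']['is_owner'] && !empty($sa_allowed[$_REQUEST['sa']][3])) {
        // You didn't even enter a password!
        if (trim($_POST['oldpasswrd']) == '') {
            $post_errors[] = 'no_password';
        }
        // Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
        $_POST['oldpasswrd'] = addslashes(un_htmlspecialchars(stripslashes($_POST['oldpasswrd'])));
        // Does the integration want to check passwords?
        // NOTE(review): the callback name comes from $modSettings; that store
        // must only be writable by administrators.
        $good_password = false;
        if (isset($modSettings['integrate_verify_password']) && function_exists($modSettings['integrate_verify_password'])) {
            if (call_user_func($modSettings['integrate_verify_password'], $user_profile[$memID]['memberName'], $_POST['oldpasswrd'], false) === true) {
                $good_password = true;
            }
        }
        // Bad password!!!
        // Strict comparison: with != two different hex digests that both look
        // like numbers in exponent form (0e followed by digits) compare as
        // equal, which would accept a wrong password.
        // NOTE(review): the stored value is an SHA-1 of lower-cased name plus
        // password; that scheme is weak by current standards and is left
        // unchanged here because the stored hashes depend on it.
        if (!$good_password && $user_info['passwd'] !== sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['oldpasswrd'])) {
            $post_errors[] = 'bad_password';
        }
    }
    // No need for the sub action array.
    unset($sa_allowed);
    // If the user is an admin - see if they are resetting someones username.
    // NOTE(review): this runs even when $post_errors already holds a password
    // error from the block above - confirm that is intended.
    if ($user_info['is_admin'] && isset($_POST['memberName'])) {
        // We'll need this...
        require_once $sourcedir . '/Subs-Auth.php';
        // Do the reset... this will send them an email too.
        resetPassword($memID, $_POST['memberName']);
    }
    // Change the IP address in the database.
    // The value is stored as a pre-quoted SQL fragment; presumably
    // $user_info['ip'] is already validated when the user is loaded - verify.
    if ($context['user']['is_owner']) {
        $profile_vars['memberIP'] = "'{$user_info['ip']}'";
    }
    // Now call the sub-action function...
    if (isset($_POST['sa']) && $_POST['sa'] == 'deleteAccount') {
        deleteAccount2($profile_vars, $post_errors, $memID);
        if (empty($post_errors)) {
            redirectexit();
        }
    } else {
        saveProfileChanges($profile_vars, $post_errors, $memID);
    }
    // There was a problem, let them try to re-enter.
    if (!empty($post_errors)) {
        // Load the language file so we can give a nice explanation of the errors.
        loadLanguage('Errors');
        $context['post_errors'] = $post_errors;
        $_REQUEST['sa'] = $_POST['sa'];
        $_REQUEST['u'] = $memID;
        return ModifyProfile($post_errors);
    }
    if (!empty($profile_vars)) {
        // If we've changed the password, notify any integration that may be listening in.
        if (isset($profile_vars['passwd']) && isset($modSettings['integrate_reset_pass']) && function_exists($modSettings['integrate_reset_pass'])) {
            call_user_func($modSettings['integrate_reset_pass'], $user_profile[$memID]['memberName'], $user_profile[$memID]['memberName'], $_POST['passwrd1']);
        }
        updateMemberData($memID, $profile_vars);
    }
    // What if this is the newest member?
    if ($modSettings['latestMember'] == $memID) {
        updateStats('member');
    } elseif (isset($profile_vars['realName'])) {
        updateSettings(array('memberlist_updated' => time()));
    }
    // If the member changed his/her birthdate, update calendar statistics.
    if (isset($profile_vars['birthdate']) || isset($profile_vars['realName'])) {
        updateStats('calendar');
    }
    // Send an email?
    if ($newpassemail) {
        require_once $sourcedir . '/Subs-Post.php';
        // Send off the email.
        sendmail($_POST['emailAddress'], $txt['activate_reactivate_title'] . ' ' . $context['forum_name'], "{$txt['activate_reactivate_mail']}\n\n" . "{$scripturl}?action=activate;u={$memID};code={$validationCode}\n\n" . "{$txt['activate_code']}: {$validationCode}\n\n" . $txt[130]);
        // Log the user out.
        // $memID is interpolated into the SQL text; it is the id returned by
        // loadMemberData() for an int-cast request value, not raw input.
        db_query("\n\t\t\tDELETE FROM {$db_prefix}log_online\n\t\t\tWHERE ID_MEMBER = {$memID}", __FILE__, __LINE__);
        $_SESSION['log_time'] = 0;
        $_SESSION['login_' . $cookiename] = serialize(array(0, '', 0));
        if (isset($_COOKIE[$cookiename])) {
            $_COOKIE[$cookiename] = '';
        }
        loadUserSettings();
        $context['user']['is_logged'] = false;
        $context['user']['is_guest'] = true;
        // Send them to the done-with-registration-login screen.
        loadTemplate('Register');
        $context += array('page_title' => &$txt[79], 'sub_template' => 'after', 'description' => &$txt['activate_changed_email']);
        return;
    } elseif ($context['user']['is_owner']) {
        // Log them back in with a cookie derived from the new password.
        if (isset($_POST['passwrd1']) && $_POST['passwrd1'] != '') {
            require_once $sourcedir . '/Subs-Auth.php';
            setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . $user_profile[$memID]['passwordSalt']));
        }
        loadUserSettings();
        writeLog();
    }
    // Back to same subaction page..
    redirectexit('action=profile;u=' . $memID . ';sa=' . $_REQUEST['sa'], isset($_POST['passwrd1']) && $context['server']['needs_login_fix'] || $context['browser']['is_ie'] && isset($_FILES['attachment']));
}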
Exemple #16
/**
 * Build the administration menu in $context['admin_areas'] and validate the
 * administrator's session.
 *
 * Each section ('forum', 'config', 'layout', 'members', 'maintenance') holds a
 * 'title' and an 'areas' map of ready-made HTML links; a link is added only
 * when allowedTo() grants the matching permission.
 *
 * NOTE(review): three configuration links carry the session token in the
 * query string (sesc=$sc). Tokens in URLs can end up in browser history,
 * server logs and Referer headers.
 *
 * @param string $area Name of the admin area being displayed.
 */
function adminIndex($area)
{
    global $txt, $context, $scripturl, $sc, $modSettings, $user_info, $settings;
    // Load the language and templates....
    loadLanguage('Admin');
    loadTemplate('Admin');
    // Every menu entry starts with the same anchor prefix.
    $link = '<a href="' . $scripturl . '?action=';
    // Admin area 'Main'.
    $context['admin_areas']['forum'] = array(
        'title' => $txt[427],
        'areas' => array(
            'index' => $link . 'admin">' . $txt[208] . '</a>',
            'credits' => $link . 'admin;credits">' . $txt['support_credits_title'] . '</a>',
        ),
    );
    if (allowedTo(array('edit_news', 'send_mail', 'admin_forum'))) {
        $context['admin_areas']['forum']['areas']['news'] = $link . 'news">' . $txt['news_title'] . '</a>';
    }
    if (allowedTo('admin_forum')) {
        $context['admin_areas']['forum']['areas']['manage_packages'] = $link . 'packages">' . $txt['package1'] . '</a>';
    }
    // Admin area 'Configuration'.
    if (allowedTo('admin_forum')) {
        $context['admin_areas']['config'] = array(
            'title' => $txt[428],
            'areas' => array(
                'edit_mods_settings' => $link . 'featuresettings">' . $txt['modSettings_title'] . '</a>',
                'edit_settings' => $link . 'serversettings;sesc=' . $sc . '">' . $txt[222] . '</a>',
                'edit_theme_settings' => $link . 'theme;sa=settings;th=' . $settings['theme_id'] . ';sesc=' . $sc . '">' . $txt['theme_current_settings'] . '</a>',
                'manage_themes' => $link . 'theme;sa=admin;sesc=' . $sc . '">' . $txt['theme_admin'] . '</a>',
            ),
        );
    }
    // Admin area 'Forum'.
    if (allowedTo(array('manage_boards', 'admin_forum', 'manage_smileys', 'manage_attachments', 'moderate_forum'))) {
        $layout_links = array();
        if (allowedTo('manage_boards')) {
            $layout_links['manage_boards'] = $link . 'manageboards">' . $txt[4] . '</a>';
        }
        if (allowedTo(array('admin_forum', 'moderate_forum'))) {
            $layout_links['posts_and_topics'] = $link . 'postsettings">' . $txt['manageposts'] . '</a>';
        }
        if (allowedTo('admin_forum')) {
            $layout_links['manage_calendar'] = $link . 'managecalendar">' . $txt['manage_calendar'] . '</a>';
            $layout_links['manage_search'] = $link . 'managesearch">' . $txt['manage_search'] . '</a>';
        }
        if (allowedTo('manage_smileys')) {
            $layout_links['manage_smileys'] = $link . 'smileys">' . $txt['smileys_manage'] . '</a>';
        }
        if (allowedTo('manage_attachments')) {
            $layout_links['manage_attachments'] = $link . 'manageattachments">' . $txt['smf201'] . '</a>';
        }
        $context['admin_areas']['layout'] = array('title' => $txt['layout_controls'], 'areas' => $layout_links);
    }
    // Admin area 'Members'.
    if (allowedTo(array('moderate_forum', 'manage_membergroups', 'manage_bans', 'manage_permissions', 'admin_forum'))) {
        $member_links = array();
        if (allowedTo('moderate_forum')) {
            $member_links['view_members'] = $link . 'viewmembers">' . $txt[5] . '</a>';
        }
        if (allowedTo('manage_membergroups')) {
            $member_links['edit_groups'] = $link . 'membergroups;">' . $txt[8] . '</a>';
        }
        if (allowedTo('manage_permissions')) {
            $member_links['edit_permissions'] = $link . 'permissions">' . $txt['edit_permissions'] . '</a>';
        }
        if (allowedTo(array('admin_forum', 'moderate_forum'))) {
            $member_links['registration_center'] = $link . 'regcenter">' . $txt['registration_center'] . '</a>';
        }
        if (allowedTo('manage_bans')) {
            $member_links['ban_members'] = $link . 'ban">' . $txt['ban_title'] . '</a>';
        }
        $context['admin_areas']['members'] = array('title' => $txt[426], 'areas' => $member_links);
    }
    // Admin area 'Maintenance Controls'.
    if (allowedTo('admin_forum')) {
        $maintenance_links = array(
            'maintain_forum' => $link . 'maintain">' . $txt['maintain_title'] . '</a>',
            'generate_reports' => $link . 'reports">' . $txt['generate_reports'] . '</a>',
            'view_errors' => $link . 'viewErrorLog;desc">' . $txt['errlog1'] . '</a>',
        );
        if (!empty($modSettings['modlog_enabled'])) {
            $maintenance_links['view_moderation_log'] = $link . 'modlog">' . $txt['modlog_view'] . '</a>';
        }
        $context['admin_areas']['maintenance'] = array('title' => $txt[501], 'areas' => $maintenance_links);
    }
    // Make sure the administrator has a valid session...
    validateSession();
    // Figure out which one we're in now...
    // NOTE(review): each section only has the keys 'title' and 'areas', so this
    // test looks at the section itself rather than at its 'areas' map - confirm
    // whether $section['areas'][$area] was meant.
    foreach ($context['admin_areas'] as $section_id => $section_data) {
        if (isset($section_data[$area])) {
            $context['admin_section'] = $section_id;
        }
    }
    $context['admin_area'] = $area;
    // obExit will know what to do!
    $context['template_layers'][] = 'admin';
}
function char_edit()
{
    global $context, $smcFunc, $txt, $sourcedir, $user_info, $modSettings;
    // If they don't have permission to be here, goodbye.
    if (!$context['character']['editable']) {
        redirectexit('action=profile;u=' . $context['id_member'] . ';area=characters;char=' . $context['character']['id_character']);
    }
    $context['character']['title_editable'] = !empty($modSettings['titlesEnable']) && allowedTo('admin_forum');
    $context['sub_template'] = 'edit_char';
    loadJavascriptFile('chars.js', array('default_theme' => true), 'chars');
    $context['character']['groups_editable'] = false;
    if (allowedTo('manage_membergroups') && !$context['character']['is_main']) {
        $context['character']['groups_editable'] = true;
        profileLoadCharGroups();
    }
    require_once $sourcedir . '/Subs-Post.php';
    require_once $sourcedir . '/Profile-Modify.php';
    profileLoadSignatureData();
    $context['form_errors'] = [];
    if (isset($_POST['edit_char'])) {
        validateSession();
        validateToken('edit-char' . $context['character']['id_character'], 'post');
        $changes = [];
        $new_name = !empty($_POST['char_name']) ? $smcFunc['htmlspecialchars'](trim($_POST['char_name']), ENT_QUOTES) : '';
        if ($new_name == '') {
            $context['form_errors'][] = $txt['char_error_character_must_have_name'];
        } elseif ($new_name != $context['character']['character_name']) {
            // Check if the name already exists.
            $result = $smcFunc['db_query']('', '
				SELECT COUNT(*)
				FROM {db_prefix}characters
				WHERE character_name LIKE {string:new_name}
					AND id_character != {int:char}', array('new_name' => $new_name, 'char' => $context['character']['id_character']));
            list($matching_names) = $smcFunc['db_fetch_row']($result);
            $smcFunc['db_free_result']($result);
            if ($matching_names) {
                $context['form_errors'][] = $txt['char_error_duplicate_character_name'];
            } else {
                $changes['character_name'] = $new_name;
            }
        }
        if ($context['character']['title_editable']) {
            $new_title = isset($_POST['char_title']) ? $_POST['char_title'] : '';
            preparsecode($new_title);
            if ($new_title != $context['character']['char_title']) {
                $changes['char_title'] = $new_title;
            }
        }
        if ($context['character']['groups_editable']) {
            // Editing groups is a little bit complicated.
            $new_id_group = isset($_POST['id_group'], $context['member_groups'][$_POST['id_group']]) && $context['member_groups'][$_POST['id_group']]['can_be_primary'] ? (int) $_POST['id_group'] : $context['character']['main_char_group'];
            $new_char_groups = [];
            if (isset($_POST['additional_groups']) && is_array($_POST['additional_groups'])) {
                foreach ($_POST['additional_groups'] as $id_group) {
                    if (!isset($context['member_groups'][$id_group])) {
                        continue;
                    }
                    if (!$context['member_groups'][$id_group]['can_be_additional']) {
                        continue;
                    }
                    if ($id_group == $new_id_group) {
                        continue;
                    }
                    $new_char_groups[] = (int) $id_group;
                }
            }
            $new_char_groups = implode(',', $new_char_groups);
            if ($new_id_group != $context['character']['main_char_group']) {
                $changes['main_char_group'] = $new_id_group;
            }
            if ($new_char_groups != $context['character']['char_groups']) {
                $changes['char_groups'] = $new_char_groups;
            }
        }
        $new_age = !empty($_POST['age']) ? $smcFunc['htmlspecialchars'](trim($_POST['age']), ENT_QUOTES) : '';
        if ($new_age != $context['character']['age']) {
            $changes['age'] = $new_age;
        }
        $new_avatar = !empty($_POST['avatar']) ? trim($_POST['avatar']) : '';
        $validatable_avatar = strpos($new_avatar, 'http') !== 0 ? 'http://' . $new_avatar : $new_avatar;
        // filter_var doesn't like // URLs
        if ($new_avatar != $context['character']['avatar']) {
            if (filter_var($validatable_avatar, FILTER_VALIDATE_URL)) {
                $size = get_avatar_url_size($new_avatar);
                if (!$size) {
                    $context['form_errors'][] = $txt['char_error_avatar_link_invalid'];
                } elseif (!empty($modSettings['avatar_max_width_external'])) {
                    if ($size[0] > $modSettings['avatar_max_width_external'] || $size[1] > $modSettings['avatar_max_height_external']) {
                        $txt['char_error_avatar_oversize'] = sprintf($txt['char_error_avatar_oversize'], $size[0], $size[1], $modSettings['avatar_max_width_external'], $modSettings['avatar_max_height_external']);
                        $context['form_errors'][] = $txt['char_error_avatar_oversize'];
                    } else {
                        $changes['avatar'] = $new_avatar;
                    }
                } else {
                    $changes['avatar'] = $new_avatar;
                }
            } elseif ($new_avatar != '') {
                $context['form_errors'][] = $txt['char_error_avatar_must_be_real_url'];
            }
        }
        $new_sig = !empty($_POST['char_signature']) ? $smcFunc['htmlspecialchars']($_POST['char_signature'], ENT_QUOTES) : '';
        $valid_sig = profileValidateSignature($new_sig);
        if ($valid_sig === true) {
            $changes['signature'] = $new_sig;
        } else {
            $context['form_errors'][] = $valid_sig;
        }
        if (!empty($changes) && empty($context['form_errors'])) {
            if ($context['character']['is_main']) {
                if (isset($changes['character_name'])) {
                    updateMemberData($context['id_member'], array('real_name' => $changes['character_name']));
                }
            }
            if (!empty($modSettings['userlog_enabled'])) {
                $rows = [];
                foreach ($changes as $key => $new_value) {
                    $change_array = array('previous' => $context['character'][$key], 'new' => $changes[$key], 'applicator' => $context['user']['id'], 'member_affected' => $context['id_member'], 'id_character' => $context['character']['id_character'], 'character_name' => !empty($changes['character_name']) ? $changes['character_name'] : $context['character']['character_name']);
                    if ($key == 'main_char_group') {
                        $change_array['previous'] = $context['member_groups'][$context['character'][$key]]['name'];
                        $change_array['new'] = $context['member_groups'][$changes[$key]]['name'];
                    }
                    if ($key == 'char_groups') {
                        $previous = [];
                        $new = [];
                        foreach (explode(',', $context['character']['char_groups']) as $id_group) {
                            if (isset($context['member_groups'][$id_group])) {
                                $previous[] = $context['member_groups'][$id_group]['name'];
                            }
                        }
                        foreach (explode(',', $changes['char_groups']) as $id_group) {
                            if (isset($context['member_groups'][$id_group])) {
                                $new[] = $context['member_groups'][$id_group]['name'];
                            }
                        }
                        $change_array['previous'] = implode(', ', $previous);
                        $change_array['new'] = implode(', ', $new);
                    }
                    $rows[] = array('id_log' => 2, 'log_time' => time(), 'id_member' => $context['id_member'], 'ip' => $user_info['ip'], 'action' => $context['character']['is_main'] && $key == 'character_name' ? 'real_name' : 'char_' . $key, 'id_board' => 0, 'id_topic' => 0, 'id_msg' => 0, 'extra' => json_encode($change_array));
                }
                if (!empty($rows)) {
                    $smcFunc['db_insert']('insert', '{db_prefix}log_actions', array('id_log' => 'int', 'log_time' => 'int', 'id_member' => 'int', 'ip' => 'inet', 'action' => 'string', 'id_board' => 'int', 'id_topic' => 'int', 'id_msg' => 'int', 'extra' => 'string'), $rows, []);
                }
            }
            updateCharacterData($context['character']['id_character'], $changes);
            $_SESSION['char_updated'] = true;
            redirectexit('action=profile;u=' . $context['id_member'] . ';area=characters;char=' . $context['character']['id_character'] . ';sa=edit');
        }
        // Put the new values back in for the form
        $context['character'] = array_merge($context['character'], $changes);
        if (isset($changes['main_char_group']) || isset($changes['char_groups'])) {
            foreach (array_keys($context['member_groups']) as $id_group) {
                $context['member_groups']['is_primary'] = $id_group == $new_id_group;
                $context['member_groups']['is_additional'] = in_array($id_group, $new_char_groups);
            }
        }
    }
    $form_value = !empty($context['character']['signature']) ? $context['character']['signature'] : '';
    // Get it ready for the editor.
    $form_value = un_preparsecode($form_value);
    censorText($form_value);
    $form_value = str_replace(array('"', '<', '>', '&nbsp;'), array('&quot;', '&lt;', '&gt;', ' '), $form_value);
    $context['character']['char_title_raw'] = un_preparsecode($context['character']['char_title']);
    require_once $sourcedir . '/Subs-Editor.php';
    $editorOptions = array('id' => 'char_signature', 'value' => $form_value, 'disable_smiley_box' => false, 'labels' => [], 'height' => '200px', 'width' => '80%', 'preview_type' => 0, 'required' => true);
    create_control_richedit($editorOptions);
    addInlineJavascript('
	function update_preview() {
		if ($("#avatar").val() == "") {
			$("#avatar_preview").html(' . JavaScriptEscape($txt['no_avatar_yet']) . ');
		} else {
			$("#avatar_preview").html(\'<img src="\' + $("#avatar").val() + \'" class="avatar" alt="" />\');
		}
	}
	$(document).ready(function() { update_preview(); });
	$("#avatar").on("blur", function() { update_preview(); });', true);
    createToken('edit-char' . $context['character']['id_character'], 'post');
    $context['char_updated'] = !empty($_SESSION['char_updated']);
    unset($_SESSION['char_updated']);
}
Exemple #18
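// "Reset": send the browser back to the same page for the given session id.
if (isset($_GET['reset'])) {
    // Encode the value so it cannot add extra query parameters to the redirect
    // target; a non-scalar or missing value becomes an empty string.
    $resetSession = isset($_GET['session']) && is_scalar($_GET['session']) ? (string) $_GET['session'] : '';
    header('Location: ./?session=' . rawurlencode($resetSession));
    // Stop here: a Location header alone does not end the script, so without
    // this the delete branch below could still run during a reset request.
    exit;
}
// "Delete": remove the session row whose id is given in the query string.
// NOTE(review): this destructive action is triggered by GET, and no login,
// ownership or CSRF check is visible in this fragment. Confirm that one is
// enforced before this point; a POST request carrying a per-user token is the
// usual shape for a delete.
if (isset($_GET['del']) && is_string($_GET['del']) && strtolower($_GET['del']) === 'delete') {
    // NOTE(review): the database credentials are hard-coded in the source.
    // Load them from configuration kept outside the web root and rotate them.
    $dbConnection = new mysqli('localhost', 'chronoWrite', 'password', 'chronosynk');
    // prepare() returns false on failure; calling bind_param() on false is fatal.
    $stmt = $dbConnection->connect_errno ? false : $dbConnection->prepare('delete from session where sessionID = ?');
    if ($stmt === false) {
        http_response_code(500);
        exit;
    }
    // The id is bound as an integer, so normalise it explicitly first.
    $deleteSessionId = isset($_GET['session']) && is_scalar($_GET['session']) ? (int) $_GET['session'] : 0;
    $stmt->bind_param('i', $deleteSessionId);
    $stmt->execute();
    $stmt->close();
    $dbConnection->close();
    header('Location: /chronosynk/sessions/');
    exit;
}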
// Edit-session request: validate the submitted fields and collect any error
// messages. The listing ends before the database update itself.
// NOTE(review): the edit is driven entirely by GET parameters, and no login,
// ownership or CSRF check is visible in this fragment - confirm one runs earlier.
if (isset($_GET['editSession'])) {
    include_once $_SERVER['DOCUMENT_ROOT'] . '/chronosynk/includes/methods.php';
    // NOTE(review): the database credentials are hard-coded in the source; load
    // them from configuration kept outside the web root.
    $dbConnection = new mysqli('localhost', 'chronoWrite', 'password', 'chronosynk');
    //start prepared statement
    // Argument order of validateSession() (defined elsewhere, presumably in methods.php):
    //$title, $description, $startDate, $startHour, $startMinute, $startPeriod, $endDate, $endHour, $endMinute, $endPeriod, $visibility, $cap)
    // As used below, $validate['fields'] lists the field keys, and $validate[<key>]
    // is non-empty (and treated as an error message) when that field failed.
    $validate = validateSession($_GET['title'], $_GET['description'], $_GET['startDate'], $_GET['startHour'], $_GET['startMinute'], $_GET['startPeriod'], $_GET['endDate'], $_GET['endHour'], $_GET['endMinute'], $_GET['endPeriod'], $_GET['visibility'], $_GET['cap']);
    $formatInputToDateTime = 'm/d/Y h i A';
    // Build the timestamp only when the field has no error entry.
    // NOTE(review): date_create_from_format() returns false when the input does
    // not match the format, and date_format() is then called on false - confirm
    // validateSession() guarantees a parseable value.
    if (!$validate['startDate']) {
        $startDate = date_format(date_create_from_format($formatInputToDateTime, $_GET['startDate'] . ' ' . $_GET['startHour'] . ' ' . $_GET['startMinute'] . ' ' . $_GET['startPeriod']), 'Y/m/d H:i:s');
    }
    if (!$validate['endDate']) {
        $endDate = date_format(date_create_from_format($formatInputToDateTime, $_GET['endDate'] . ' ' . $_GET['endHour'] . ' ' . $_GET['endMinute'] . ' ' . $_GET['endPeriod']), 'Y/m/d H:i:s');
    }
    $valid = true;
    $editSessionErrMsg = '';
    // Concatenate every non-empty per-field message. The '<br/>' separator
    // suggests the result is echoed as HTML - verify the messages never contain
    // unescaped request data.
    for ($i = 0; $i < sizeof($validate['fields']); $i++) {
        if (!empty($validate[$validate['fields'][$i]])) {
            $editSessionErrMsg .= $validate[$validate['fields'][$i]] . '<br/>';
            $valid = false;
        }
    }
Exemple #19
/**
 * Builds the personal-message navigation menu and the context entries around it.
 *
 * Assembles the folders / labels / actions / preferences sections, appends
 * unread counters to their titles and labels, fills $context['limit_bar'] when
 * a message limit is set, and passes the structure to createMenu(). Raises the
 * fatal 'no_access' error when createMenu() returns a falsy value and the user
 * is either not a guest or validateSession() returns a truthy value.
 *
 * @param string $area Passed to createMenu() as the 'current_area' option.
 */
function messageIndexBar($area)
{
    global $txt, $context, $scripturl, $sourcedir, $sc, $modSettings, $settings, $user_info, $options;

    // Section and area order is significant: it is the order handed to createMenu().
    $sections = array(
        'folders' => array(
            'title' => $txt['pm_messages'],
            'areas' => array(
                'send' => array(
                    'label' => $txt['new_message'],
                    'custom_url' => $scripturl . '?action=pm;sa=send',
                    'permission' => allowedTo('pm_send'),
                ),
                'inbox' => array(
                    'label' => $txt['inbox'],
                    'custom_url' => $scripturl . '?action=pm',
                ),
                'sent' => array(
                    'label' => $txt['sent_items'],
                    'custom_url' => $scripturl . '?action=pm;f=sent',
                ),
                'drafts' => array(
                    'label' => $txt['drafts_show'],
                    'custom_url' => $scripturl . '?action=pm;sa=showpmdrafts',
                    'permission' => allowedTo('pm_draft'),
                    'enabled' => !empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_pm_enabled']),
                ),
            ),
        ),
        'labels' => array(
            'title' => $txt['pm_labels'],
            'areas' => array(),
        ),
        'actions' => array(
            'title' => $txt['pm_actions'],
            'areas' => array(
                'search' => array(
                    'label' => $txt['pm_search_bar_title'],
                    'custom_url' => $scripturl . '?action=pm;sa=search',
                ),
                'prune' => array(
                    'label' => $txt['pm_prune'],
                    'custom_url' => $scripturl . '?action=pm;sa=prune',
                ),
            ),
        ),
        'pref' => array(
            'title' => $txt['pm_preferences'],
            'areas' => array(
                'manlabels' => array(
                    'label' => $txt['pm_manage_labels'],
                    'custom_url' => $scripturl . '?action=pm;sa=manlabels',
                ),
                'manrules' => array(
                    'label' => $txt['pm_manage_rules'],
                    'custom_url' => $scripturl . '?action=pm;sa=manrules',
                ),
                'settings' => array(
                    'label' => $txt['pm_settings'],
                    'custom_url' => $scripturl . '?action=pm;sa=settings',
                ),
            ),
        ),
    );

    if (!empty($context['currently_using_labels'])) {
        // Labels are referenced by id in the URL rather than by name.
        $unread_total = 0;
        foreach ($context['labels'] as $entry) {
            // Id -1 is left out of this section; its counters are attached to
            // the inbox entry further down.
            if ($entry['id'] != -1) {
                $unread_total += $entry['unread_messages'];
                // NOTE(review): the label name is placed in an HTML label as-is;
                // presumably it is already HTML-escaped when stored - verify.
                $unread_suffix = !empty($entry['unread_messages']) ? ' (<strong>' . $entry['unread_messages'] . '</strong>)' : '';
                $sections['labels']['areas']['label' . $entry['id']] = array(
                    'label' => $entry['name'] . $unread_suffix,
                    'custom_url' => $scripturl . '?action=pm;l=' . $entry['id'],
                    'unread_messages' => $entry['unread_messages'],
                    'messages' => $entry['messages'],
                );
            }
        }
        if (!empty($unread_total)) {
            $sections['labels']['title'] .= ' (' . $unread_total . ')';
        }
    } else {
        // Labels are not in use: drop the whole section.
        unset($sections['labels']);
    }

    // The inbox counters are bound by reference to the entry with id -1.
    $sections['folders']['areas']['inbox']['unread_messages'] =& $context['labels'][-1]['unread_messages'];
    $sections['folders']['areas']['inbox']['messages'] =& $context['labels'][-1]['messages'];
    if (!empty($context['labels'][-1]['unread_messages'])) {
        $inbox_unread = $context['labels'][-1]['unread_messages'];
        $sections['folders']['areas']['inbox']['label'] .= ' (<strong>' . $inbox_unread . '</strong>)';
        $sections['folders']['title'] .= ' (' . $inbox_unread . ')';
    }

    // Usage bar, only when a message limit applies.
    if (!empty($context['message_limit'])) {
        $percent = round($user_info['messages'] * 100 / $context['message_limit'], 1);
        // The bar width is capped at 100 even when the percentage is higher.
        if ($percent > 100) {
            $bar_width = 100;
        } else {
            $bar_width = (int) $percent;
        }
        $context['limit_bar'] = array(
            'messages' => $user_info['messages'],
            'allowed' => $context['message_limit'],
            'percent' => $percent,
            'bar' => $bar_width,
            'text' => sprintf($txt['pm_currently_using'], $user_info['messages'], $percent),
        );
    }

    require_once $sourcedir . '/Subs-Menu.php';

    // URL of the current page. It is built from request data without escaping
    // and is not read again inside this function.
    $current_page = $scripturl . '?action=pm';
    if (!empty($_REQUEST['sa'])) {
        $current_page .= ';sa=' . $_REQUEST['sa'];
    }
    if (!empty($context['folder'])) {
        $current_page .= ';f=' . $context['folder'];
    }
    if (!empty($context['current_label_id'])) {
        $current_page .= ';l=' . $context['current_label_id'];
    }

    // Menu options; what 'disable_url_session_check' does is defined in Subs-Menu.php.
    $menuOptions = array(
        'current_area' => $area,
        'disable_url_session_check' => true,
    );
    $menu = createMenu($sections, $menuOptions);
    unset($sections);

    // No menu means no access.
    if (!$menu) {
        if (!$user_info['is_guest'] || validateSession()) {
            fatal_lang_error('no_access', false);
        }
    }

    // Remember which menu this is and which item is selected.
    $context['pm_menu_id'] = $context['max_menu_id'];
    $context['pm_menu_name'] = 'menu_data_' . $context['pm_menu_id'];
    $context['menu_item_selected'] = $menu['current_area'];

    // Add the 'pm' template layer unless this is a wireless or XML request.
    if (!(WIRELESS || isset($_REQUEST['xml']))) {
        $context['template_layers'][] = 'pm';
    }
}
Exemple #20
        				$query = 'insert all ';
        				for ($i = 0; $i < sizeof($tags); $i++)
        				{
        					$query .= 'into tag ('
        				}// INTO suppliers (supplier_id, supplier_name) VALUES (1000, 'IBM')
        				
        				$stmt = $dbConnection->prepare('');
        			}*/
        //header('Location: ./');
    }
}
// Search request: validate the date/time and cap inputs before searching
// sessions. The listing ends before the search query itself.
if (isset($_GET['search'])) {
    // Search form field names:
    //'title', 'description', 'sSDate', 'sSHr', 'sSMin', 'sSPer', 'sEDate', 'sEHr', 'sEMin', 'sEPer', 'cap', 'visibility', 'tags');
    // Arguments that need no validation here get placeholder values such as
    // 'aaaaa', because a title being searched for need not be 5-50 characters long.
    $validate = validateSession('aaaaa', '', $_GET['sSDate'], $_GET['sSHr'], $_GET['sSMin'], $_GET['sSPer'], $_GET['sEDate'], $_GET['sEHr'], $_GET['sEMin'], $_GET['sEPer'], 0, $_GET['cap']);
    $formatInputToDateTime = 'm/d/Y h i a';
    // Build the timestamp only when the field has no error entry.
    // NOTE(review): date_create_from_format() returns false when the input does
    // not match the format, and date_format() is then called on false - confirm
    // validateSession() guarantees a parseable value.
    if (!$validate['startDate']) {
        $startDate = date_format(date_create_from_format($formatInputToDateTime, $_GET['sSDate'] . ' ' . $_GET['sSHr'] . ' ' . $_GET['sSMin'] . ' ' . $_GET['sSPer']), 'Y-m-d H:i:s');
    }
    if (!$validate['endDate']) {
        $endDate = date_format(date_create_from_format($formatInputToDateTime, $_GET['sEDate'] . ' ' . $_GET['sEHr'] . ' ' . $_GET['sEMin'] . ' ' . $_GET['sEPer']), 'Y-m-d H:i:s');
    }
    // If the start/end dates are blank, do not report an error for them.
    // NOTE(review): the dates are read above as 'sSDate' / 'sEDate', but these
    // checks test 'startDate' / 'endDate'. If the search form never sends those
    // names, empty() is always true and every date error is discarded - confirm
    // which keys are intended.
    if (empty($_GET['startDate'])) {
        $validate['startDate'] = '';
    }
    if (empty($_GET['endDate'])) {
        $validate['endDate'] = '';
    }
    $valid = true;
Exemple #21
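<?php

/*
 * Admin action: delete one hotel row once the user has confirmed.
 *
 * First request (no "confirm"): the page emits a JavaScript confirm() dialog,
 * which reloads the same URL with "&confirm=1" appended.
 * Second request ("confirm" equal to 1): the row is deleted and the browser is
 * sent back to the hotel list.
 *
 * NOTE(review): the confirmation happens only in the browser and the delete is
 * a plain GET, so a request carrying confirm=1 deletes without any dialog.
 * A POST request with a per-session token is the usual shape for this.
 */
session_start();
require "../mysql_config.php";
require "getLists.php";
// NOTE(review): the mysql_* extension was removed in PHP 7.0. Moving to mysqli
// or PDO with prepared statements is the lasting fix; it has to be done together
// with any included code that relies on the implicit mysql_* connection.
mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die('Could not connect to MySQL server.');
mysql_select_db(DB_DATABASE);
// Set the charset through the API rather than a raw SET NAMES query, so that
// mysql_real_escape_string() below escapes for the charset actually in use.
mysql_set_charset('utf8');
// validateSession() is defined elsewhere (presumably in getLists.php). It is the
// only access check visible before the delete - confirm it enforces admin login.
validateSession("../admin/hotels.php");
if (isset($_GET["confirm"]) && $_GET["confirm"] == 1) {
    // The id comes straight from the query string: escape it before it is put
    // into the statement, and skip the delete when it is missing or not a string.
    if (isset($_GET["id"]) && is_string($_GET["id"])) {
        $id = mysql_real_escape_string($_GET["id"]);
        $abfrage = "DELETE FROM Hotel WHERE id='{$id}'";
        mysql_query($abfrage);
    }
    header("Location: ../admin/hotels.php");
    // End the response here so the confirmation script below is not sent as well.
    exit;
}
?>

<script type="text/javascript">
	var txt;
	var r = confirm("Das Hotel wird jetzt gel\u00f6scht!");
	if (r == true) {
		window.location = window.location.href+"&confirm=1";
	} else {
		window.location = "../admin/hotels.php";
	}
</script>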
Exemple #22
function ModifyProfile($post_errors = array())
{
    global $txt, $scripturl, $user_info, $context, $sourcedir, $user_profile, $cur_profile;
    global $modSettings, $memberContext, $profile_vars, $smcFunc, $post_errors, $options, $user_settings;
    // Don't reload this as we may have processed error strings.
    if (empty($post_errors)) {
        loadLanguage('Profile');
    }
    loadTemplate('Profile');
    require_once $sourcedir . '/Subs-Menu.php';
    // Did we get the user by name...
    if (isset($_REQUEST['user'])) {
        $memberResult = loadMemberData($_REQUEST['user'], true, 'profile');
    } elseif (!empty($_REQUEST['u'])) {
        $memberResult = loadMemberData((int) $_REQUEST['u'], false, 'profile');
    } else {
        $memberResult = loadMemberData($user_info['id'], false, 'profile');
    }
    // Check if loadMemberData() has returned a valid result.
    if (!is_array($memberResult)) {
        fatal_lang_error('not_a_user', false);
    }
    // If all went well, we have a valid member ID!
    list($memID) = $memberResult;
    $context['id_member'] = $memID;
    $cur_profile = $user_profile[$memID];
    // Let's have some information about this member ready, too.
    loadMemberContext($memID);
    $context['member'] = $memberContext[$memID];
    // Is this the profile of the user himself or herself?
    $context['user']['is_owner'] = $memID == $user_info['id'];
    /* Define all the sections within the profile area!
    		We start by defining the permission required - then SMF takes this and turns it into the relevant context ;)
    		Possible fields:
    			For Section:
    				string $title:		Section title.
    				array $areas:		Array of areas within this section.
    
    			For Areas:
    				string $label:		Text string that will be used to show the area in the menu.
    				string $file:		Optional text string that may contain a file name that's needed for inclusion in order to display the area properly.
    				string $custom_url:	Optional href for area.
    				string $function:	Function to execute for this section.
    				bool $enabled:		Should area be shown?
    				string $sc:		Session check validation to do on save - note without this save will get unset - if set.
    				bool $hidden:		Does this not actually appear on the menu?
    				bool $password:		Whether to require the user's password in order to save the data in the area.
    				array $subsections:	Array of subsections, in order of appearance.
    				array $permission:	Array of permissions to determine who can access this area. Should contain arrays $own and $any.
    	*/
    $profile_areas = array('info' => array('title' => $txt['profileInfo'], 'areas' => array('summary' => array('label' => $txt['summary'], 'file' => 'Profile-View.php', 'function' => 'summary', 'permission' => array('own' => 'profile_view_own', 'any' => 'profile_view_any')), 'statistics' => array('label' => $txt['statPanel'], 'file' => 'Profile-View.php', 'function' => 'statPanel', 'permission' => array('own' => 'profile_view_own', 'any' => 'profile_view_any')), 'showposts' => array('label' => $txt['showPosts'], 'file' => 'Profile-View.php', 'function' => 'showPosts', 'subsections' => array('messages' => array($txt['showMessages'], array('profile_view_own', 'profile_view_any')), 'topics' => array($txt['showTopics'], array('profile_view_own', 'profile_view_any')), 'attach' => array($txt['showAttachments'], array('profile_view_own', 'profile_view_any'))), 'permission' => array('own' => 'profile_view_own', 'any' => 'profile_view_any')), 'permissions' => array('label' => $txt['showPermissions'], 'file' => 'Profile-View.php', 'function' => 'showPermissions', 'permission' => array('own' => 'manage_permissions', 'any' => 'manage_permissions')), 'tracking' => array('label' => $txt['trackUser'], 'file' => 'Profile-View.php', 'function' => 'tracking', 'subsections' => array('activity' => array($txt['trackActivity'], 'moderate_forum'), 'ip' => array($txt['trackIP'], 'moderate_forum'), 'edits' => array($txt['trackEdits'], 'moderate_forum')), 'permission' => array('own' => 'moderate_forum', 'any' => 'moderate_forum')), 'viewwarning' => array('label' => $txt['profile_view_warnings'], 'enabled' => in_array('w', $context['admin_features']) && $modSettings['warning_settings'][0] == 1 && $cur_profile['warning'] && $context['user']['is_owner'] && !empty($modSettings['warning_show']), 'file' => 'Profile-View.php', 'function' => 'viewWarning', 'permission' => array('own' => 'profile_view_own', 'any' => 'issue_warning')))), 'edit_profile' => array('title' => $txt['profileEdit'], 'areas' 
=> array('account' => array('label' => $txt['account'], 'file' => 'Profile-Modify.php', 'function' => 'account', 'enabled' => $context['user']['is_admin'] || $cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups'])), 'sc' => 'post', 'password' => true, 'permission' => array('own' => array('profile_identity_any', 'profile_identity_own', 'manage_membergroups'), 'any' => array('profile_identity_any', 'manage_membergroups'))), 'forumprofile' => array('label' => $txt['forumprofile'], 'file' => 'Profile-Modify.php', 'function' => 'forumProfile', 'sc' => 'post', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own', 'profile_title_own', 'profile_title_any'), 'any' => array('profile_extra_any', 'profile_title_any'))), 'theme' => array('label' => $txt['theme'], 'file' => 'Profile-Modify.php', 'function' => 'theme', 'sc' => 'post', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array('profile_extra_any'))), 'authentication' => array('label' => $txt['authentication'], 'file' => 'Profile-Modify.php', 'function' => 'authentication', 'enabled' => !empty($modSettings['enableOpenID']) || !empty($cur_profile['openid_uri']), 'sc' => 'post', 'hidden' => empty($modSettings['enableOpenID']) && empty($cur_profile['openid_uri']), 'password' => true, 'permission' => array('own' => array('profile_identity_any', 'profile_identity_own'), 'any' => array('profile_identity_any'))), 'notification' => array('label' => $txt['notification'], 'file' => 'Profile-Modify.php', 'function' => 'notification', 'sc' => 'post', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array('profile_extra_any'))), 'pmprefs' => array('label' => $txt['pmprefs'], 'file' => 'Profile-Modify.php', 'function' => 'pmprefs', 'enabled' => allowedTo(array('profile_extra_own', 'profile_extra_any')), 'sc' => 'post', 'permission' => array('own' => array('pm_read'), 'any' => 
array('profile_extra_any'))), 'ignoreboards' => array('label' => $txt['ignoreboards'], 'file' => 'Profile-Modify.php', 'function' => 'ignoreboards', 'enabled' => !empty($modSettings['allow_ignore_boards']), 'sc' => 'post', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array('profile_extra_any'))), 'lists' => array('label' => $txt['editBuddyIgnoreLists'], 'file' => 'Profile-Modify.php', 'function' => 'editBuddyIgnoreLists', 'enabled' => !empty($modSettings['enable_buddylist']) && $context['user']['is_owner'], 'sc' => 'post', 'subsections' => array('buddies' => array($txt['editBuddies']), 'ignore' => array($txt['editIgnoreList'])), 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array())), 'groupmembership' => array('label' => $txt['groupmembership'], 'file' => 'Profile-Modify.php', 'function' => 'groupMembership', 'enabled' => !empty($modSettings['show_group_membership']) && $context['user']['is_owner'], 'sc' => 'request', 'permission' => array('own' => array('profile_view_own'), 'any' => array('manage_membergroups'))))), 'profile_action' => array('title' => $txt['profileAction'], 'areas' => array('sendpm' => array('label' => $txt['profileSendIm'], 'custom_url' => $scripturl . '?action=pm;sa=send', 'permission' => array('own' => array(), 'any' => array('pm_send'))), 'issuewarning' => array('label' => $txt['profile_issue_warning'], 'enabled' => in_array('w', $context['admin_features']) && $modSettings['warning_settings'][0] == 1 && (!$context['user']['is_owner'] || $context['user']['is_admin']), 'file' => 'Profile-Actions.php', 'function' => 'issueWarning', 'permission' => array('own' => array('issue_warning'), 'any' => array('issue_warning'))), 'banuser' => array('label' => $txt['profileBanUser'], 'custom_url' => $scripturl . 
'?action=admin;area=ban;sa=add', 'enabled' => $cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups'])), 'permission' => array('own' => array(), 'any' => array('manage_bans'))), 'subscriptions' => array('label' => $txt['subscriptions'], 'file' => 'Profile-Actions.php', 'function' => 'subscriptions', 'enabled' => !empty($modSettings['paid_enabled']), 'permission' => array('own' => array('profile_view_own'), 'any' => array('moderate_forum'))), 'deleteaccount' => array('label' => $txt['deleteAccount'], 'file' => 'Profile-Actions.php', 'function' => 'deleteAccount', 'sc' => 'post', 'password' => true, 'permission' => array('own' => array('profile_remove_any', 'profile_remove_own'), 'any' => array('profile_remove_any'))), 'activateaccount' => array('file' => 'Profile-Actions.php', 'function' => 'activateAccount', 'sc' => 'get', 'permission' => array('own' => array(), 'any' => array('moderate_forum'))))));
    // Let them modify profile areas easily.
    call_integration_hook('integrate_profile_areas', array(&$profile_areas));
    // Do some cleaning ready for the menu function.
    $context['password_areas'] = array();
    $current_area = isset($_REQUEST['area']) ? $_REQUEST['area'] : '';
    foreach ($profile_areas as $section_id => $section) {
        // Do a bit of spring cleaning so to speak.
        foreach ($section['areas'] as $area_id => $area) {
            // If it said no permissions that meant it wasn't valid!
            if (empty($area['permission'][$context['user']['is_owner'] ? 'own' : 'any'])) {
                $profile_areas[$section_id]['areas'][$area_id]['enabled'] = false;
            } else {
                $profile_areas[$section_id]['areas'][$area_id]['permission'] = $area['permission'][$context['user']['is_owner'] ? 'own' : 'any'];
            }
            // Password required - only if not on OpenID.
            if (!empty($area['password'])) {
                $context['password_areas'][] = $area_id;
            }
        }
    }
    // Is there an updated message to show?
    if (isset($_GET['updated'])) {
        $context['profile_updated'] = $txt['profile_updated_own'];
    }
    // Set a few options for the menu.
    $menuOptions = array('disable_url_session_check' => true, 'current_area' => $current_area, 'extra_url_parameters' => array('u' => $context['id_member']));
    // Actually create the menu!
    $profile_include_data = createMenu($profile_areas, $menuOptions);
    // No menu means no access.
    if (!$profile_include_data && (!$user_info['is_guest'] || validateSession())) {
        fatal_lang_error('no_access', false);
    }
    // Make a note of the Unique ID for this menu.
    $context['profile_menu_id'] = $context['max_menu_id'];
    $context['profile_menu_name'] = 'menu_data_' . $context['profile_menu_id'];
    // Set the selected item - now it's been validated.
    $current_area = $profile_include_data['current_area'];
    $context['menu_item_selected'] = $current_area;
    // Before we go any further, let's work on the area we've said is valid. Note this is done here just in case we every compromise the menu function in error!
    $context['completed_save'] = false;
    $security_checks = array();
    $found_area = false;
    foreach ($profile_areas as $section_id => $section) {
        // Do a bit of spring cleaning so to speak.
        foreach ($section['areas'] as $area_id => $area) {
            // Is this our area?
            if ($current_area == $area_id) {
                // This can't happen - but is a security check.
                if (isset($section['enabled']) && $section['enabled'] == false || isset($area['enabled']) && $area['enabled'] == false) {
                    fatal_lang_error('no_access', false);
                }
                // Are we saving data in a valid area?
                if (isset($area['sc']) && isset($_REQUEST['save'])) {
                    $security_checks['session'] = $area['sc'];
                    $context['completed_save'] = true;
                }
                // Does this require session validating?
                if (!empty($area['validate'])) {
                    $security_checks['validate'] = true;
                }
                // Permissions for good measure.
                if (!empty($profile_include_data['permission'])) {
                    $security_checks['permission'] = $profile_include_data['permission'];
                }
                // Either way got something.
                $found_area = true;
            }
        }
    }
    // Oh dear, some serious security lapse is going on here... we'll put a stop to that!
    if (!$found_area) {
        fatal_lang_error('no_access', false);
    }
    // Release this now.
    unset($profile_areas);
    // Now the context is setup have we got any security checks to carry out additional to that above?
    if (isset($security_checks['session'])) {
        checkSession($security_checks['session']);
    }
    if (isset($security_checks['validate'])) {
        validateSession();
    }
    if (isset($security_checks['permission'])) {
        isAllowedTo($security_checks['permission']);
    }
    // File to include?
    if (isset($profile_include_data['file'])) {
        require_once $sourcedir . '/' . $profile_include_data['file'];
    }
    // Make sure that the area function does exist!
    if (!isset($profile_include_data['function']) || !function_exists($profile_include_data['function'])) {
        destroyMenu();
        fatal_lang_error('no_access', false);
    }
    // Build the link tree.
    $context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : ''), 'name' => sprintf($txt['profile_of_username'], $context['member']['name']));
    if (!empty($profile_include_data['label'])) {
        $context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'], 'name' => $profile_include_data['label']);
    }
    if (!empty($profile_include_data['current_subsection']) && $profile_include_data['subsections'][$profile_include_data['current_subsection']][0] != $profile_include_data['label']) {
        $context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'] . ';sa=' . $profile_include_data['current_subsection'], 'name' => $profile_include_data['subsections'][$profile_include_data['current_subsection']][0]);
    }
    // Set the template for this area and add the profile layer.
    $context['sub_template'] = $profile_include_data['function'];
    $context['template_layers'][] = 'profile';
    // All the subactions that require a user password in order to validate.
    $check_password = $context['user']['is_owner'] && in_array($profile_include_data['current_area'], $context['password_areas']);
    $context['require_password'] = $check_password && empty($user_settings['openid_uri']);
    // If we're in wireless then we have a cut down template...
    if (WIRELESS && $context['sub_template'] == 'summary' && WIRELESS_PROTOCOL != 'wap') {
        $context['sub_template'] = WIRELESS_PROTOCOL . '_profile';
    }
    // These will get populated soon!
    $post_errors = array();
    $profile_vars = array();
    // Right - are we saving - if so let's save the old data first.
    if ($context['completed_save']) {
        // If it's someone elses profile then validate the session.
        if (!$context['user']['is_owner']) {
            validateSession();
        }
        // Clean up the POST variables.
        $_POST = htmltrim__recursive($_POST);
        $_POST = htmlspecialchars__recursive($_POST);
        if ($check_password) {
            // If we're using OpenID try to revalidate.
            if (!empty($user_settings['openid_uri'])) {
                require_once $sourcedir . '/Subs-OpenID.php';
                smf_openID_revalidate();
            } else {
                // You didn't even enter a password!
                if (trim($_POST['oldpasswrd']) == '') {
                    $post_errors[] = 'no_password';
                }
                // Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
                $_POST['oldpasswrd'] = un_htmlspecialchars($_POST['oldpasswrd']);
                // Does the integration want to check passwords?
                $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($cur_profile['member_name'], $_POST['oldpasswrd'], false)), true);
                // Bad password!!!
                if (!$good_password && $user_info['passwd'] != sha1(strtolower($cur_profile['member_name']) . $_POST['oldpasswrd'])) {
                    $post_errors[] = 'bad_password';
                }
                // Warn other elements not to jump the gun and do custom changes!
                if (in_array('bad_password', $post_errors)) {
                    $context['password_auth_failed'] = true;
                }
            }
        }
        // Change the IP address in the database.
        if ($context['user']['is_owner']) {
            $profile_vars['member_ip'] = $user_info['ip'];
        }
        // Now call the sub-action function...
        if ($current_area == 'activateaccount') {
            if (empty($post_errors)) {
                activateAccount($memID);
            }
        } elseif ($current_area == 'deleteaccount') {
            if (empty($post_errors)) {
                deleteAccount2($profile_vars, $post_errors, $memID);
                redirectexit();
            }
        } elseif ($current_area == 'groupmembership' && empty($post_errors)) {
            $msg = groupMembership2($profile_vars, $post_errors, $memID);
            // Whatever we've done, we have nothing else to do here...
            redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=groupmembership' . (!empty($msg) ? ';msg=' . $msg : ''));
        } elseif ($current_area == 'authentication') {
            authentication($memID, true);
        } elseif (in_array($current_area, array('account', 'forumprofile', 'theme', 'pmprefs'))) {
            saveProfileFields();
        } else {
            $force_redirect = true;
            // Ensure we include this.
            require_once $sourcedir . '/Profile-Modify.php';
            saveProfileChanges($profile_vars, $post_errors, $memID);
        }
        // There was a problem, let them try to re-enter.
        if (!empty($post_errors)) {
            // Load the language file so we can give a nice explanation of the errors.
            loadLanguage('Errors');
            $context['post_errors'] = $post_errors;
        } elseif (!empty($profile_vars)) {
            // If we've changed the password, notify any integration that may be listening in.
            if (isset($profile_vars['passwd'])) {
                call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd2']));
            }
            updateMemberData($memID, $profile_vars);
            // What if this is the newest member?
            if ($modSettings['latestMember'] == $memID) {
                updateStats('member');
            } elseif (isset($profile_vars['real_name'])) {
                updateSettings(array('memberlist_updated' => time()));
            }
            // If the member changed his/her birthdate, update calendar statistics.
            if (isset($profile_vars['birthdate']) || isset($profile_vars['real_name'])) {
                updateSettings(array('calendar_updated' => time()));
            }
            // Anything worth logging?
            if (!empty($context['log_changes']) && !empty($modSettings['modlog_enabled'])) {
                $log_changes = array();
                foreach ($context['log_changes'] as $k => $v) {
                    $log_changes[] = array('action' => $k, 'id_log' => 2, 'log_time' => time(), 'id_member' => $memID, 'ip' => $user_info['ip'], 'extra' => serialize(array_merge($v, array('applicator' => $user_info['id']))));
                }
                $smcFunc['db_insert']('', '{db_prefix}log_actions', array('action' => 'string', 'id_log' => 'int', 'log_time' => 'int', 'id_member' => 'int', 'ip' => 'string-16', 'extra' => 'string-65534'), $log_changes, array('id_action'));
            }
            // Have we got any post save functions to execute?
            if (!empty($context['profile_execute_on_save'])) {
                foreach ($context['profile_execute_on_save'] as $saveFunc) {
                    $saveFunc();
                }
            }
            // Let them know it worked!
            $context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : sprintf($txt['profile_updated_else'], $cur_profile['member_name']);
            // Invalidate any cached data.
            cache_put_data('member_data-profile-' . $memID, null, 0);
        }
    }
    // Have some errors for some reason?
    if (!empty($post_errors)) {
        // Set all the errors so the template knows what went wrong.
        foreach ($post_errors as $error_type) {
            $context['modify_error'][$error_type] = true;
        }
    } elseif (!empty($profile_vars) && $context['user']['is_owner']) {
        redirectexit('action=profile;area=' . $current_area . ';updated');
    } elseif (!empty($force_redirect)) {
        redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=' . $current_area);
    }
    // Call the appropriate subaction function.
    $profile_include_data['function']($memID);
    // Set the page title if it's not already set...
    if (!isset($context['page_title'])) {
        $context['page_title'] = $txt['profile'] . (isset($txt[$current_area]) ? ' - ' . $txt[$current_area] : '');
    }
}
Exemple #23
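/**
 * Switch one board between global and local (per-board) permissions.
 *
 * Reads $_GET['boardid'] and $_GET['to']: the value 'local' selects local mode,
 * anything else (including a missing parameter) selects global mode. Going local
 * copies the ID_BOARD = 0 rows of board_permissions onto the board; going global
 * deletes the board's own rows. Finishes by calling PermissionByBoard() /
 * PermissionIndex() or by redirecting.
 *
 * NOTE(review): no permission check is visible inside this function; presumably the
 * caller that dispatches here enforces it - confirm.
 */
function SwitchBoard()
{
    global $db_prefix, $modSettings;
    // A board cannot be switched when local permissions are disabled.
    if (empty($modSettings['permission_enable_by_board'])) {
        redirectexit('action=permissions');
    }
    // Security above all: both checks (defined elsewhere) run before any request value is used.
    checkSession('get');
    validateSession();
    // Normalise the two request parameters once; a missing one no longer raises a notice.
    $toLocal = isset($_GET['to']) && $_GET['to'] === 'local';
    $_GET['boardid'] = isset($_GET['boardid']) ? (int) $_GET['boardid'] : 0;
    $boardId = $_GET['boardid'];
    // Make sure the board exists and can be switched to $_GET['to'].
    $request = db_query("\n\t\tSELECT ID_BOARD\n\t\tFROM {$db_prefix}boards\n\t\tWHERE ID_BOARD = {$boardId}\n\t\t\tAND permission_mode = " . ($toLocal ? '0' : '1') . "\n\t\tLIMIT 1", __FILE__, __LINE__);
    $boardFound = mysql_num_rows($request) == 1;
    // Release the result on every path, including the early exit below.
    mysql_free_result($request);
    if (!$boardFound) {
        if ($toLocal) {
            PermissionIndex();
        } else {
            redirectexit('action=permissions');
        }
        return;
    }
    // Copy the global permissions to the specific board.
    if ($toLocal) {
        $request = db_query("\n\t\t\tSELECT ID_GROUP, permission, addDeny\n\t\t\tFROM {$db_prefix}board_permissions\n\t\t\tWHERE ID_BOARD = 0", __FILE__, __LINE__);
        $insertRows = array();
        while ($row = mysql_fetch_assoc($request)) {
            // Values read back from the database are not SQL-safe by themselves: cast the
            // numeric columns and escape the string column before re-embedding them.
            $insertRows[] = '(' . (int) $row['ID_GROUP'] . ", {$boardId}, '" . mysql_real_escape_string($row['permission']) . "', " . (int) $row['addDeny'] . ')';
        }
        mysql_free_result($request);
        // Reset the current local permissions.
        db_query("\n\t\t\tDELETE FROM {$db_prefix}board_permissions\n\t\t\tWHERE ID_BOARD = {$boardId}", __FILE__, __LINE__);
        if (!empty($insertRows)) {
            db_query("\n\t\t\t\tINSERT INTO {$db_prefix}board_permissions\n\t\t\t\t\t(ID_GROUP, ID_BOARD, permission, addDeny)\n\t\t\t\tVALUES " . implode(",\n\t\t\t\t\t", $insertRows), __FILE__, __LINE__);
        }
    } else {
        db_query("\n\t\t\tDELETE FROM {$db_prefix}board_permissions\n\t\t\tWHERE ID_BOARD = {$boardId}", __FILE__, __LINE__);
    }
    // Update the board setting.
    db_query("\n\t\tUPDATE {$db_prefix}boards\n\t\tSET permission_mode = " . ($toLocal ? '1' : '0') . "\n\t\tWHERE ID_BOARD = {$boardId}\n\t\tLIMIT 1", __FILE__, __LINE__);
    if ($toLocal) {
        PermissionByBoard();
    } else {
        redirectexit('action=permissions;sa=board');
    }
}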
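/**
 * Change a single field of a CRM entity on behalf of a customer portal contact.
 *
 * @param array $input_array input data with the keys 'id' (contact id), 'sessionid',
 *                           'module', 'entityid', 'fieldname' and 'fieldvalue'
 * @return array|null        array holding the saved entity id on success; null when the
 *                           session or the module name is rejected, or the save is not confirmed
 */
function change_entity_field($input_array)
{
    global $adb, $log, $current_user;
    $adb->println("Inside customer portal function change_entity_field");
    // Keep the portal session id out of the debug log.
    $loggable = $input_array;
    if (is_array($loggable) && isset($loggable['sessionid'])) {
        $loggable['sessionid'] = '[redacted]';
    }
    $adb->println($loggable);
    $contact_id = $input_array['id'];
    $session_id = $input_array['sessionid'];
    $module = $input_array['module'];
    $entity_id = $input_array['entityid'];
    $field_name = $input_array['fieldname'];
    $field_value = $input_array['fieldvalue'];
    $current_user->id = getPortalUserid();
    // Authenticate first: nothing derived from the request may select a file to load
    // before the session has been accepted.
    if (!validateSession($contact_id, $session_id)) {
        return null;
    }
    // $module becomes part of a require_once path, so accept only a plain identifier
    // (no slashes, dots or NUL bytes) and refuse everything else.
    if (!is_string($module) || preg_match('/\A[A-Za-z0-9_]+\z/', $module) !== 1) {
        $adb->println("Rejected module name in change_entity_field");
        return null;
    }
    require_once "modules/{$module}/{$module}.php";
    // NOTE(review): nothing visible here checks that $entity_id belongs to $contact_id,
    // or that $field_name is a field the portal is allowed to edit - confirm this is
    // enforced elsewhere, otherwise any portal session can rewrite any record field.
    $entity = CRMEntity::getInstance($module);
    if ($entity_id > 0) {
        $entity->retrieve_entity_info($entity_id, $module);
        $entity->column_fields[$field_name] = $field_value;
        if (in_array($module, array('SalesOrder', 'Invoice', 'PurchaseOrder', 'Quotes'), true)) {
            // in ajax save we should not call update related products
            // function, because this will delete all the existing product values
            $_REQUEST['ajxaction'] = 'DETAILVIEW';
        }
        $entity->save($module, $entity_id);
        // The save is treated as confirmed only when the record id matches the entity id.
        if ($entity->column_fields["record_id"] == $entity->id) {
            $adb->println("{$module} from Portal is saved with id => " . $entity->id);
            return array($entity->id);
        }
    }
    $adb->println("There may be error in saving the {$module}");
    return null;
}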
/**
 * Stop the request with an error unless the current user holds the permission.
 *
 * @param string|array $permission one permission name or a list of them
 * @param mixed        $boards     passed through unchanged to allowedTo()
 */
function isAllowedTo($permission, $boards = null)
{
    global $user_info, $txt;
    static $heavy_permissions = array('admin_forum', 'manage_attachments', 'manage_smileys', 'manage_boards', 'edit_news', 'moderate_forum', 'manage_bans', 'manage_membergroups', 'manage_permissions');

    // A single permission name is wrapped so the rest can treat it as a list.
    if (!is_array($permission)) {
        $permission = array($permission);
    }

    if (!allowedTo($permission, $boards)) {
        // The first entry of the list names the error that is shown.
        $error_permission = array_shift($permission);
        $error_key = 'cannot_' . $error_permission;

        // Guests get a login prompt, since logging in may be all that is missing.
        if ($user_info['is_guest']) {
            loadLanguage('Errors');
            is_not_guest($txt[$error_key]);
        }

        // Blank out what the request claimed to be doing before it is logged.
        foreach (array('action', 'board', 'topic') as $request_key) {
            $_GET[$request_key] = '';
        }
        writeLog(true);
        fatal_lang_error($error_key, false);

        // Backstop in case the fatal error call above ever returns.
        trigger_error('Hacking attempt...', E_USER_ERROR);
    }

    // If nothing is left once the "heavy" permissions are taken out, the user is acting
    // on a heavy permission only, and that requires a validated session.
    $light_permissions = array_diff($permission, $heavy_permissions);
    if (!allowedTo($light_permissions, $boards)) {
        validateSession();
    }
}
Exemple #26
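include "../includes/classes.php";
// NOTE(review): the language file path is derived from request input ($_GET['lang'] or
// the 'lang' cookie). Whether that is safe depends on getLanguage() mapping the value
// onto a fixed set of language files; it is defined elsewhere - confirm.
$requestedLang = !empty($_GET['lang']) ? $_GET['lang'] : (isset($_COOKIE['lang']) ? $_COOKIE['lang'] : null);
require_once getLanguage(null, $requestedLang, 2);
session_start();
$db = new mysqli($CONF['host'], $CONF['user'], $CONF['pass'], $CONF['name']);
if ($db->connect_errno) {
    // Keep the driver's error text in the server log instead of the response, and stop:
    // every statement below needs a working connection.
    error_log("Failed to connect to MySQL: (" . $db->connect_errno . ") " . $db->connect_error);
    if (!headers_sent()) {
        http_response_code(500);
    }
    exit("Failed to connect to MySQL");
}
$db->set_charset("utf8");
$resultSettings = $db->query(getSettings());
$settings = $resultSettings->fetch_assoc();
// The theme complete url
$CONF['theme_url'] = $CONF['theme_path'] . '/' . $settings['theme'];
if (isset($_POST['id'])) {
    $feed = new feed();
    $feed->db = $db;
    $feed->url = $CONF['url'];
    // Credentials are taken from the session when present, otherwise from cookies.
    // NOTE(review): a password value kept in a client cookie can be replayed by anyone who
    // obtains the cookie; what the value is (plain text or a hash) and how verify() checks
    // it is decided in the loggedIn class, which is not visible here.
    $hasSessionLogin = isset($_SESSION['username'], $_SESSION['password']);
    $hasCookieLogin = isset($_COOKIE['username'], $_COOKIE['password']);
    if ($hasSessionLogin || $hasCookieLogin) {
        $loggedIn = new loggedIn();
        $loggedIn->db = $db;
        $loggedIn->url = $CONF['url'];
        $loggedIn->username = isset($_SESSION['username']) ? $_SESSION['username'] : $_COOKIE['username'];
        $loggedIn->password = isset($_SESSION['password']) ? $_SESSION['password'] : $_COOKIE['password'];
        $verify = $loggedIn->verify();
        // NOTE(review): the result of verify() is used without checking that it succeeded - confirm
        // what it returns for rejected credentials.
        $feed->user = $verify;
        $feed->username = $verify['username'];
        $feed->id = $verify['idu'];
    }
    // validateSession('download', 10) is defined elsewhere; presumably a per-session throttle - confirm.
    if (validateSession('download', 10)) {
        // NOTE(review): $_POST['id'] is handed over unmodified; confirm addDownload() casts or binds it.
        $feed->addDownload($_POST['id']);
    }
}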
Exemple #27
/**
 * Return the user column names for a caller that presents a valid session.
 *
 * Also replaces the global $current_user with the Users record loaded for $user_name.
 *
 * @param string $user_name user the session belongs to
 * @param string $session   session value checked by validateSession()
 * @return mixed            result of Users::getColumnNames_User(), or null when the
 *                          session is rejected
 */
function get_user_columns($user_name, $session)
{
    // Nothing is loaded or changed for a caller whose session does not validate.
    $session_ok = validateSession($user_name, $session);
    if (!$session_ok) {
        return null;
    }

    require_once 'modules/Users/Users.php';
    global $current_user;

    // Load the named user and make it the acting user for the rest of the request.
    $acting_user = new Users();
    $resolved_id = $acting_user->retrieve_user_id($user_name);
    $current_user = $acting_user;
    $acting_user->retrieve_entity_info($resolved_id, 'Users');

    // The column names are read from a fresh Users instance.
    $column_source = new Users();
    return $column_source->getColumnNames_User();
}
Exemple #28
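 /**
  * Reorders the message icons from a drag/drop event
  *
  * Reads $_POST['order'] and $_POST['list_message_icon_list'] and answers through
  * $context['xml_data'] with the 'generic_xml' sub template. Icon ids that are not
  * present in the current icon list are ignored instead of being written back.
  */
 public function action_messageiconorder()
 {
     global $context, $txt;
     // Initialize
     $context['xml_data'] = array();
     $errors = array();
     $order = array();
     // Seems these will be needed
     loadLanguage('Errors');
     loadLanguage('ManageSmileys');
     require_once SUBSDIR . '/MessageIcons.subs.php';
     // You have to be allowed to do this: the token must verify and validateSession()
     // must come back empty (a non-empty result is used below as a $txt error key).
     $validation_token = validateToken('admin-sort', 'post', true, false);
     $validation_session = validateSession();
     if (empty($validation_session) && $validation_token === true) {
         // No questions that we are reordering
         if (isset($_POST['order']) && $_POST['order'] == 'reorder') {
             // Get the current list of icons.
             $message_icons = fetchMessageIconsDetails();
             $view_order = 0;
             $iconInsert = array();
             // The posted list is untrusted: it may be missing or not be an array at all.
             $posted_ids = isset($_POST['list_message_icon_list']) && is_array($_POST['list_message_icon_list']) ? $_POST['list_message_icon_list'] : array();
             // The field ids arrive in 1-n view order, so we simply build an update array
             foreach ($posted_ids as $id) {
                 // Only ids of icons that really exist may be written back; anything else
                 // would produce a row made of empty values.
                 if ((!is_string($id) && !is_int($id)) || !isset($message_icons[$id])) {
                     continue;
                 }
                 $iconInsert[] = array($id, $message_icons[$id]['board_id'], $message_icons[$id]['title'], $message_icons[$id]['filename'], $view_order);
                 $view_order++;
             }
             // With the replace set
             if (!empty($iconInsert)) {
                 updateMessageIcon($iconInsert);
                 sortMessageIconTable();
             } else {
                 $errors[] = array('value' => $txt['no_sortable_items']);
             }
         }
         $order[] = array('value' => $txt['icons_reordered']);
     } else {
         if (!empty($validation_session)) {
             $errors[] = array('value' => $txt[$validation_session]);
         }
         if (empty($validation_token)) {
             $errors[] = array('value' => $txt['token_verify_fail']);
         }
     }
     // New generic token for use
     createToken('admin-sort', 'post');
     $tokens = array(array('value' => $context['admin-sort_token'], 'attributes' => array('type' => 'token')), array('value' => $context['admin-sort_token_var'], 'attributes' => array('type' => 'token_var')));
     // Return the response
     $context['sub_template'] = 'generic_xml';
     $context['xml_data'] = array('orders' => array('identifier' => 'order', 'children' => $order), 'tokens' => array('identifier' => 'token', 'children' => $tokens), 'errors' => array('identifier' => 'error', 'children' => $errors));
 }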
Exemple #29
<?php

include "../util/config.php";
include "../util/screen.php";
include "../util/session_mgr.php";
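// Both values come straight from the query string; default them so that a missing or
// non-string parameter raises no notice and never reaches urldecode() as an array.
$action = isset($_GET["action"]) && is_string($_GET["action"]) ? $_GET["action"] : '';
// NOTE(review): PHP has already URL-decoded $_GET, so this decodes a second time. Kept
// because callers may rely on it, but any filtering placed in front of this script has
// to take the double decoding into account - confirm it is needed.
$server = isset($_GET["server"]) && is_string($_GET["server"]) ? urldecode($_GET["server"]) : '';
// NOTE(review): every action below changes state on a GET request; validateSession() is
// defined elsewhere - confirm it also verifies a per-request anti-CSRF token.
validateSession();
mysql_connect($sqlserver, $sqluser, $sqlpass);
mysql_select_db('Together');
// The server name is request input and ends up inside SQL string literals, so it is
// escaped once here (after connecting) and only the escaped form is used in queries.
// ext/mysql has no bound parameters and was removed in PHP 7; a port to mysqli or PDO
// prepared statements is the lasting fix.
$serverSql = mysql_real_escape_string($server);
$serverInfo = mysql_query("SELECT * FROM Servers WHERE name='" . $serverSql . "'");
if ($serverInfo !== false && mysql_num_rows($serverInfo) > 0) {
    // Columns are read by position from the first row.
    // NOTE(review): the values handed to the screen helpers come from the Servers table;
    // whether they are quoted for the shell is decided in util/screen.php, not visible here.
    if ($action == "start") {
        $optionalArg = mysql_result($serverInfo, 0, 2);
        if ($optionalArg != "") {
            startScreenWithNameAndCmd(mysql_result($serverInfo, 0, 1), mysql_result($serverInfo, 0, 4), $optionalArg);
        } else {
            startScreenWithNameAndCmd(mysql_result($serverInfo, 0, 1), mysql_result($serverInfo, 0, 4));
        }
    } elseif ($action == "stop") {
        sendCmdToScreen(mysql_result($serverInfo, 0, 1), mysql_result($serverInfo, 0, 5));
    }
}
if ($action == "delete") {
    mysql_query("DELETE FROM Servers WHERE name='" . $serverSql . "'");
}
if ($action == "hide") {
    mysql_query("UPDATE Servers SET visible='0' WHERE name='" . $serverSql . "'");
}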
if ($action == "show") {
Exemple #30
/**
 * Entry point for announcing a topic: checks access, then hands over to a sub-action.
 *
 * The sub-action comes from $_REQUEST['sa']; only the keys of the handler table below
 * are accepted, and anything else falls back to 'selectgroup'.
 */
function AnnounceTopic()
{
    global $context, $txt, $topic;

    // Permission first, then the session check, before anything else happens.
    isAllowedTo('announce_topic');
    validateSession();

    // There is nothing to announce without a topic.
    if (empty($topic)) {
        fatal_lang_error('topic_gone', false);
    }

    loadLanguage('Post');
    loadTemplate('Post');

    $context['page_title'] = $txt['announce_topic'];

    // The request can only choose among these handlers; it never names a function itself.
    $handlers = array('selectgroup' => 'AnnouncementSelectMembergroup', 'send' => 'AnnouncementSend');
    $chosen = 'selectgroup';
    if (isset($_REQUEST['sa']) && isset($handlers[$_REQUEST['sa']])) {
        $chosen = $_REQUEST['sa'];
    }

    // Call the function based on the sub-action.
    $handler = $handlers[$chosen];
    $handler();
}