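// Form transaction token (FTAN) the page-permissions form has to send back;
// it is verified with checkFTAN() on submit.
$template->set_var('FTAN', $admin->getFTAN());

// Group list 1: one checkbox per group that may administer the page.
// ORDER BY group_id guarantees that the Administrators group (id 1) is the
// first row, which the unconditional fetchRow() below relies on; without an
// ORDER BY the row order is whatever the server happens to return.
$query = "SELECT * FROM " . TABLE_PREFIX . "groups ORDER BY group_id";
$get_groups = $database->query($query);
$template->set_block('main_block', 'group_list_block', 'group_list');

// Insert the Administrators group first: rendered checked and disabled, so
// the form itself cannot toggle it.
$admin_group_name = $get_groups->fetchRow(MYSQLI_ASSOC);
$template->set_var(array(
    'ID' => 1,
    'TOGGLE' => '1',
    'DISABLED' => ' disabled="disabled"',
    'LINK_COLOR' => '000000',
    'CURSOR' => 'default',
    'NAME' => $admin_group_name['name'],
    'CHECKED' => ' checked="checked"',
));
$template->parse('group_list', 'group_list_block', true);

// Hoisted out of the loop: the current user's group ids do not change while
// the list is rendered.
$admin_groups_id = $admin->get_groups_id();

while ($group = $get_groups->fetchRow(MYSQLI_ASSOC)) {
    // Groups the current user belongs to are pre-checked. The "disabled"
    // flag was deliberately dropped (see the commented-out value), so the
    // user can still untick them.
    $flag_disabled = '';
    $flag_checked = '';
    $flag_cursor = 'pointer';
    $flag_color = '';
    if (in_array($group["group_id"], $admin_groups_id)) {
        $flag_disabled = ''; //' disabled';
        $flag_checked = ' checked="checked"';
        $flag_cursor = 'default';
        $flag_color = '000000';
    }

    // Only groups holding the pages_modify system permission are offered.
    $system_permissions = explode(',', $group['system_permissions']);
    if (in_array('pages_modify', $system_permissions, true)) {
        // NOTE(review): $group['name'] is handed to the template unescaped;
        // whether Template escapes placeholders is not visible here - confirm,
        // or apply htmlspecialchars() before set_var().
        $template->set_var(array(
            'ID' => $group['group_id'],
            'TOGGLE' => $group['group_id'],
            'CHECKED' => $flag_checked,
            'DISABLED' => $flag_disabled,
            'LINK_COLOR' => $flag_color,
            // $flag_cursor drives the CSS cursor. This used to pass
            // $flag_checked, which put ' checked="checked"' into the cursor
            // style and left the computed $flag_cursor unused.
            'CURSOR' => $flag_cursor,
            'NAME' => $group['name'],
        ));
        $template->parse('group_list', 'group_list_block', true);
    }
}

// Group list 2
$query = "SELECT * FROM " . TABLE_PREFIX . "groups";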
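// Directory name of the running admin script (e.g. "pages"); presumably used
// further down for module/asset paths - its use is not visible in this span.
$module_dir = basename(dirname($_SERVER["SCRIPT_NAME"]));

// Back link for error pages. It is built before $page_id is validated, but
// every path that uses it below goes through print_error(), which presumably
// ends the request.
$js_back = ADMIN_URL . '/pages/sections.php?page_id=' . $page_id;

// Get perms: first the page must exist and be addressable by a positive id.
// unset($admin_header);
if (!is_numeric($page_id)) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
} elseif ($page_id > 0) {
    $page = $admin->get_page_details($page_id, ADMIN_URL . '/pages/index.php');
} else {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL);
}

// admin_groups / admin_users are comma-separated id lists; the underscore
// strip tolerates ids wrapped like "_1_". NOTE(review): the storage format
// is not visible here - confirm against the page-settings save code.
$old_admin_groups = explode(',', str_replace('_', '', $page['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $page['admin_users']));

// The current user may work on this page if one of their groups is an admin
// group of the page, or if they are listed as an admin user of the page.
$in_group = false;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_group = true;
    }
}
if (!$in_group && !in_array($admin->get_user_id(), $old_admin_users)) {
    // The debug `print` of the caller's group id and user id that used to sit
    // here wrote those identifiers into the response of an *unauthorised*
    // request (and emitted output before print_error). An access denial must
    // not echo anything besides the error page.
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}

// some additional security checks:
// Check whether the section_id belongs to the page_id at all.
// (This if/elseif continues past the end of the visible span.)
if (!is_numeric($section_id)) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
} elseif ($section_id > 0) {
    $section = $admin->get_section_details($section_id, ADMIN_URL . '/pages/index.php');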
// (Tail of an if/else that starts before this span: the settings box is
// cleared when the user lacks the permission, parsed otherwise.)
$tpl->set_block('show_settings', '');
} else {
    $tpl->parse('show_settings', 'show_settings_block', true);
}

// "Admin-Tools" dashboard box: rendered only for users holding the
// admintools permission; otherwise the block is emptied and hidden via CSS.
$tpl->set_block('main_block', 'show_admintools_block', 'show_admintools');
if ($admin->get_permission('admintools') != true) {
    $tpl->set_var('DISPLAY_ADMINTOOLS', 'display:none;');
    $tpl->set_block('show_admintools', '');
} else {
    $tpl->parse('show_admintools', 'show_admintools_block', true);
}

/**
 * Try to delete the install directory - it is not needed anymore once the
 * backend is reachable, and an installer left in the web root is a classic
 * re-install / takeover vector.
 * Additional check: only members of group 1 (Administrators) trigger the
 * recursive delete under LEPTON_PATH.
 * NOTE(review): a failed removal only yields a dashboard warning; the
 * directory then stays in place until someone removes it by hand.
 */
if (file_exists(LEPTON_PATH . '/install/') && in_array(1, $admin->get_groups_id())) {
    $result = rm_full_dir(LEPTON_PATH . '/install/');
    if (false === $result) {
        /**
         * Removing the install directory failed! So we are
         * in the need to throw an error-message to the user.
         */
        $tpl->set_var("WARNING", "<br />" . $MESSAGE['START_INSTALL_DIR_EXISTS'] . "<br />");
    }
}

// Insert "Add-ons" section overview (pretty complex compared to normal):
// one link per add-on type the user may manage. $addons_count is presumably
// used after this span to join the links - not visible here.
$addons_overview = $TEXT['MANAGE'] . ' ';
$addons_count = 0;
if ($admin->get_permission('modules') == true) {
    $addons_overview .= '<a href="' . ADMIN_URL . '/modules/index.php">' . $MENU['MODULES'] . '</a>';
    $addons_count = 1;
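// (Inside an if-block that starts before this span.) Leading placeholder
// entry, then one <option> per group; groups the edited user is already a
// member of are pre-selected.
$template->set_var('NAME', $TEXT['PLEASE_SELECT'] . '...');
$template->set_var('SELECTED', '');
$template->parse('group_list', 'group_list_block', true);
while ($group = $results->fetchRow()) {
    $template->set_var('ID', $group['group_id']);
    $template->set_var('NAME', $group['name']);
    // Loose in_array(): groups_id is a comma-separated string of ids.
    if (in_array($group['group_id'], explode(",", $user['groups_id']))) {
        $template->set_var('SELECTED', ' selected="selected"');
    } else {
        $template->set_var('SELECTED', '');
    }
    $template->parse('group_list', 'group_list_block', true);
}
}

// Only offer the Administrators group (id 1) if the current user belongs to
// it. This is a UI restriction only: the save handler (not visible here) must
// enforce the same rule on the submitted group ids - confirm.
// (This if-block continues past the end of the visible span.)
if (in_array(1, $admin->get_groups_id())) {
    $template->set_var('ID', '1');
    $users_groups = $admin->get_groups_name();
    $template->set_var('NAME', $users_groups[1]);
    // Pre-select the option only if the *edited* user is actually a member
    // of group 1 - the same test the loop above applies to every other group.
    // The previous check walked the current user's groups and set the flag
    // whenever the two users shared any group at all, so a user who merely
    // shared a non-admin group with the editor was shown as an Administrator;
    // a form submitted as rendered would then have carried group 1 for him.
    $user_group_ids = explode(",", $user['groups_id']);
    if (in_array(1, $user_group_ids)) {
        $template->set_var('SELECTED', ' selected="selected"');
    } else {
        $template->set_var('SELECTED', '');
    }
    $template->parse('group_list', 'group_list_block', true);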
// Group selector for the user form: every group except Administrators,
// sorted by name; groups the edited user is already in are pre-selected.
$template->set_block('main_block', 'group_list_block', 'group_list');
$results = $database->query("SELECT `group_id`,`name` FROM `" . TABLE_PREFIX . "groups` WHERE `group_id` != '1' ORDER BY `name`");
if ($results->numRows() > 0) {
    // Leading placeholder entry with an empty id.
    $template->set_var('ID', '');
    $template->set_var('NAME', $TEXT['PLEASE_SELECT'] . '...');
    $template->set_var('SELECTED', '');
    $template->parse('group_list', 'group_list_block', true);
    // NOTE(review): MYSQL_ASSOC is the old ext/mysql constant (gone since
    // PHP 7); presumably re-declared by the project's database wrapper - confirm.
    while (false != ($group = $results->fetchRow(MYSQL_ASSOC))) {
        $template->set_var('ID', $group['group_id']);
        $template->set_var('NAME', $group['name']);
        // Loose in_array(): groups_id is a comma-separated string of ids.
        $template->set_var('SELECTED', in_array($group['group_id'], explode(",", $user['groups_id'])) ? ' selected="selected"' : '');
        $template->parse('group_list', 'group_list_block', true);
    }
}
// Only allow the user to add a user to the Administrators group if they belong to it.
// This is a UI restriction only: the save handler (not visible here) must
// enforce the same rule on the submitted group ids - confirm.
if (in_array(1, $admin->get_groups_id())) {
    // Add Administrators group (looked up by id, not by row position)
    $qr2 = $database->query("SELECT `group_id`,`name` FROM `" . TABLE_PREFIX . "groups` WHERE `group_id` = '1'");
    if ($qr2->numRows() > 0) {
        $group = $qr2->fetchRow(MYSQL_ASSOC);
        $template->set_var('ID', $group['group_id']);
        $template->set_var('NAME', $group['name']);
        $template->set_var('SELECTED', in_array($group['group_id'], explode(",", $user['groups_id'])) ? ' selected="selected"' : '');
        $template->parse('group_list', 'group_list_block', true);
    }
} else {
    // NOTE(review): a non-admin editor never sees the Administrators option,
    // so if the edited user *is* in group 1 the rendered form omits that
    // membership; check whether the save handler preserves or drops it.
    // just in case there is no (visible) membership at all
    // (this else-branch continues past the end of the visible span)
    if ($results->numRows() == 0) {
        $template->set_var('ID', '');
        $template->set_var('NAME', $TEXT['NONE_FOUND']);
        $template->set_var('SELECTED', ' selected="selected"');
/**
 * Create a new page (plus its first section and the access file under the
 * pages directory) and return the new page id.
 *
 * Steps, in order: force group 1 into both group lists, reject an empty
 * title, require a non-admin caller to share a group with the page's admin
 * and viewing groups, derive link and filename, refuse duplicates, compute
 * the ordering position, insert the page row, fill in level/root/trail,
 * write the access file, insert the section, run the module's add.php hook.
 *
 * @param string     $title          page and menu title; HTML-escaped here before any use
 * @param int|string $parent         parent page id, 0 (or '0') for a top-level page
 * @param string     $module         module directory name for the first section
 * @param mixed      $visibility     stored verbatim in the page's visibility column
 * @param array      $admin_groups   group ids allowed to administer the page
 * @param array      $viewing_groups group ids allowed to view the page
 * @return int|false                 new page id, or false after setError()
 *
 * NOTE(review): $module is neither validated nor permission-checked here and
 * ends up in a require path ('/modules/' . $module . '/add.php'); $parent is
 * not checked for admin rights on the parent page either. The backend's own
 * page-add script does both (get_page_permission($parent, 'admin') and
 * get_permission($module, 'module')) - confirm that every caller of this
 * method passes a trusted module name (no path separators) and a parent the
 * user may add children to.
 */
public function createPage($title, $parent, $module, $visibility, $admin_groups, $viewing_groups) {
    global $database;
    // initialise the admin object (and pull in the framework helpers used below)
    require_once WB_PATH . '/framework/class.admin.php';
    require_once WB_PATH . '/framework/functions.php';
    require_once WB_PATH . '/framework/class.order.php';
    // NOTE(review): the two trailing false arguments presumably suppress
    // header/footer output; what the constructor itself enforces for
    // 'pages_add' is not visible here - confirm.
    $admin = new admin('Pages', 'pages_add', false, false);
    // The escaped title is what gets stored and what the filename is derived from.
    $title = htmlspecialchars($title);
    // make sure the Administrators group (id 1) is in both the admin and the viewing group list
    if (!in_array(1, $admin_groups)) {
        $admin_groups[] = 1;
    }
    if (!in_array(1, $viewing_groups)) {
        $viewing_groups[] = 1;
    }
    // empty title (or a dot-file style name)?
    if ($title == '' || substr($title, 0, 1) == '.') {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, kit_error_blank_title));
        return false;
    }
    // check that the caller has the rights the page requires: a non-admin
    // caller must be in at least one admin group *and* one viewing group of
    // the page (the forced group 1 never matches for them, as they are not in it)
    if (!in_array(1, $admin->get_groups_id())) {
        $admin_perm_ok = false;
        foreach ($admin_groups as $adm_group) {
            if (in_array($adm_group, $admin->get_groups_id())) {
                $admin_perm_ok = true;
            }
        }
        if ($admin_perm_ok == false) {
            $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, kit_error_insufficient_permissions));
            return false;
        }
        $admin_perm_ok = false;
        foreach ($viewing_groups as $view_group) {
            if (in_array($view_group, $admin->get_groups_id())) {
                $admin_perm_ok = true;
            }
        }
        if ($admin_perm_ok == false) {
            $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, kit_error_insufficient_permissions));
            return false;
        }
    }
    // from here on both lists are the comma-separated strings stored in the pages table
    $admin_groups = implode(',', $admin_groups);
    $viewing_groups = implode(',', $viewing_groups);
    // build link and filename
    if ($parent == '0') {
        $link = '/' . page_filename($title);
        // rename the filenames 'index' and 'intro' to avoid collisions
        if ($link == '/index' || $link == '/intro') {
            $link .= '_0';
            $filename = WB_PATH . PAGES_DIRECTORY . '/' . page_filename($title) . '_0' . PAGE_EXTENSION;
        } else {
            $filename = WB_PATH . PAGES_DIRECTORY . '/' . page_filename($title) . PAGE_EXTENSION;
        }
    } else {
        // nested page: prefix with the filenames of all ancestors, top-down
        $parent_section = '';
        $parent_titles = array_reverse(get_parent_titles($parent));
        foreach ($parent_titles as $parent_title) {
            $parent_section .= page_filename($parent_title) . '/';
        }
        if ($parent_section == '/') {
            $parent_section = '';
        }
        $page_filename = page_filename($title);
        // NOTE(review): only this branch swaps '_' for '-'; top-level pages
        // above keep the underscore - verify that asymmetry is intended.
        $page_filename = str_replace('_', '-', $page_filename);
        $link = '/' . $parent_section . $page_filename;
        $filename = WB_PATH . PAGES_DIRECTORY . '/' . $parent_section . $page_filename . PAGE_EXTENSION;
        // the ancestor directories are created before the duplicate check below
        make_dir(WB_PATH . PAGES_DIRECTORY . '/' . $parent_section);
    }
    // refuse if a page with the same link, or a file/directory at that path, already exists
    $dbPages = new db_wb_pages();
    $where = array();
    $where[db_wb_pages::field_link] = $link;
    $pages = array();
    if (!$dbPages->sqlSelectRecord($where, $pages)) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
        return false;
    }
    if (sizeof($pages) > 0 || file_exists(WB_PATH . PAGES_DIRECTORY . $link . PAGE_EXTENSION) || file_exists(WB_PATH . PAGES_DIRECTORY . $link . '/')) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, sprintf(kit_error_page_exists, $link)));
        return false;
    }
    // include the ordering class
    $order = new order(TABLE_PREFIX . 'pages', 'position', 'page_id', 'parent');
    // clean order
    $order->clean($parent);
    // get the new order
    $position = $order->get_new($parent);
    // inherit template and language from the parent page; top-level pages
    // get the default template ('') and DEFAULT_LANGUAGE
    $where = array();
    $where[db_wb_pages::field_page_id] = $parent;
    $pages = array();
    if (!$dbPages->sqlSelectRecord($where, $pages)) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
        return false;
    }
    if (sizeof($pages) > 0) {
        $template = $pages[0][db_wb_pages::field_template];
        $language = $pages[0][db_wb_pages::field_language];
    } else {
        $template = '';
        $language = DEFAULT_LANGUAGE;
    }
    // insert the new page row; link/level/root_parent/page_trail are filled
    // in by the update below once the page_id is known
    $data = array();
    $data[db_wb_pages::field_page_title] = $title;
    $data[db_wb_pages::field_menu_title] = $title;
    $data[db_wb_pages::field_parent] = $parent;
    $data[db_wb_pages::field_template] = $template;
    $data[db_wb_pages::field_target] = '_top';
    $data[db_wb_pages::field_position] = $position;
    $data[db_wb_pages::field_visibility] = $visibility;
    $data[db_wb_pages::field_searching] = 1;
    $data[db_wb_pages::field_menu] = 1;
    $data[db_wb_pages::field_language] = $language;
    $data[db_wb_pages::field_admin_groups] = $admin_groups;
    $data[db_wb_pages::field_viewing_groups] = $viewing_groups;
    $data[db_wb_pages::field_modified_when] = time();
    $data[db_wb_pages::field_modified_by] = $admin->get_user_id();
    $page_id = -1;
    if (!$dbPages->sqlInsertRecord($data, $page_id)) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
        return false;
    }
    // work out the level
    $level = level_count($page_id);
    // work out root parent
    $root_parent = root_parent($page_id);
    // work out page trail
    $page_trail = get_page_trail($page_id);
    $where = array();
    $where[db_wb_pages::field_page_id] = $page_id;
    $data = array();
    $data[db_wb_pages::field_link] = $link;
    $data[db_wb_pages::field_level] = $level;
    $data[db_wb_pages::field_root_parent] = $root_parent;
    $data[db_wb_pages::field_page_trail] = $page_trail;
    if (!$dbPages->sqlUpdateRecord($data, $where)) {
        // NOTE(review): the page row inserted above is left behind on this
        // and every later failure - there is no rollback
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
        return false;
    }
    // create a new file in the /pages directory
    create_access_file($filename, $page_id, $level);
    // add position 1 to new page
    $position = 1;
    // add a new record to section table
    $dbSections = new db_wb_sections();
    $data = array();
    $data[db_wb_sections::field_page_id] = $page_id;
    $data[db_wb_sections::field_position] = $position;
    $data[db_wb_sections::field_module] = $module;
    $data[db_wb_sections::field_block] = 1;
    $section_id = -1;
    if (!$dbSections->sqlInsertRecord($data, $section_id)) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbSections->getError()));
        return false;
    }
    // module hook: $module reaches this require path exactly as the caller
    // passed it (see the docblock)
    if (file_exists(WB_PATH . '/modules/' . $module . '/add.php')) {
        require WB_PATH . '/modules/' . $module . '/add.php';
    }
    // surface any error the module's add.php left on the global database object
    if ($database->is_error()) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $database->get_error()));
        return false;
    }
    return $page_id;
}
} else {
    // POSTed section id, cast to int before it reaches the SQL below.
    $section_id = intval($_POST['section_id']);
}
// $js_back = "javascript: history.go(-1);";
$js_back = ADMIN_URL . '/pages/modify.php?page_id=' . $page_id;

// Form transaction token check (anti-CSRF): a request without a valid FTAN
// gets the generic security error and a link back to the modify screen.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// After check print the header
$admin->print_header();

// Get perms: the page's admin_users / admin_groups decide who may save.
// NOTE(review): $page_id is assigned before this span and is concatenated
// into SQL here, so it must already be an int (cast like $section_id) - confirm.
$sql = 'SELECT `admin_groups`,`admin_users` ' . 'FROM `' . TABLE_PREFIX . 'pages` ' . 'WHERE `page_id` = ' . $page_id;
$results = $database->query($sql);
// NOTE(review): for an unknown page_id fetchRow() yields no row and both
// helpers below receive null; whether they deny in that case is not visible
// here - an explicit existence check before the permission test would be safer.
$results_array = $results->fetchRow();
if (!$admin->ami_group_member($results_array['admin_users']) && !$admin->is_group_match($admin->get_groups_id(), $results_array['admin_groups'])) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}

// Get page module - the combined page_id/section_id lookup also proves that
// the section belongs to this page.
$sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` ' . 'WHERE `page_id`=' . $page_id . ' AND `section_id`=' . $section_id;
$module = $database->get_one($sql);
if (!$module) {
    $admin->print_error($database->is_error() ? $database->get_error() : $MESSAGE['PAGES_NOT_FOUND']);
}

// Update the pages table (modification stamp). This runs before the module's
// save script, so the stamp is written even if that script later fails.
$now = time();
$sql = 'UPDATE `' . TABLE_PREFIX . 'pages` ' . 'SET `modified_when`=' . $now . ', ' . '`modified_by`=' . $admin->get_user_id() . ' ' . 'WHERE `page_id`=' . $page_id;
$database->query($sql);

// Include the modules saving script if it exists. $module comes from the
// sections table, not from the request, so the include path is DB-trusted.
// (This if-block continues past the end of the visible span.)
if (file_exists(WB_PATH . '/modules/' . $module . '/save.php')) {
    include_once WB_PATH . '/modules/' . $module . '/save.php';
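exit(0);
} else {
    // Cast to int before the value reaches the SQL strings below, where it
    // is concatenated rather than bound. The branch above (outside this
    // span) may already reject non-numeric values; the cast makes this
    // script safe on its own either way.
    $page_id = intval($_GET['page_id']);
}
require_once LEPTON_PATH . '/framework/class.admin.php';
// Requires the pages_settings permission (presumably enforced by the constructor).
$admin = new admin('Pages', 'pages_settings');
// Include the functions file
require_once LEPTON_PATH . '/framework/summary.utf8.php';

// Get perms: the page's admin_groups / admin_users decide who may change
// its settings.
$sql = 'SELECT * FROM `' . TABLE_PREFIX . 'pages` WHERE `page_id` = ' . $page_id;
$results = $database->query($sql);
$results_array = $results->fetchRow(MYSQL_ASSOC);
// An unknown page id yields no row; fall back to empty lists so the check
// below denies cleanly instead of feeding null into explode(). (The
// not-found handling follows after the permission test, see below.)
$old_admin_groups = explode(',', $results_array['admin_groups'] ?? '');
$old_admin_users = explode(',', $results_array['admin_users'] ?? '');
$in_old_group = FALSE;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_old_group = TRUE;
    }
}
if (!$in_old_group and !in_array($admin->get_user_id(), $old_admin_users)) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}

// Get page details (re-read so the result set is fresh for the form code
// that follows this span).
$sql = 'SELECT * FROM `' . TABLE_PREFIX . 'pages` WHERE `page_id`=' . $page_id;
$results = $database->query($sql);
if ($database->is_error()) {
    $admin->print_header();
    $admin->print_error($database->get_error());
}
// (This if-block continues past the end of the visible span.)
if ($results->numRows() == 0) {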
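$secqfetch = $secq->fetchRow();
// The section row found must belong to exactly the requested page/section pair.
if ($secqfetch['page_id'] != $page_id or $secqfetch['section_id'] != $section_id) {
    die("Parameter mismatch");
}
} else {
    // Otherwise there must be exactly one section of this module with that
    // page/section id. NOTE(review): $mod_dir, $section_id and $page_id are
    // interpolated into the SQL; they are assigned before this span and must
    // already be cast or escaped when they get here - confirm.
    $secq = $database->query("SELECT section_id FROM " . TABLE_PREFIX . "sections WHERE module = '{$mod_dir}' AND section_id = '{$section_id}' AND page_id = '{$page_id}'");
    if ($secq->numRows() != 1) {
        die("Something strange has happened!");
    }
}
}

// From module_settings.php:
// $authorsgroup: the group that authors belong to.
// $noadmin_nooptions: default 1: only the admin (group 1) may change settings.
$user_id = $admin->get_user_id();
$user_in_groups = $admin->get_groups_id();
$authoronly = false; // $authoronly: indicates further down whether the user is only entitled as an author.
$showoptions = true;
$author_invited = false; // flag: invited as an author = may edit, but is NOT the creator (posted_by)

// (This if-block continues past the end of the visible span.)
if ($authorsgroup > 0) {
    // Care about users
    if (in_array($authorsgroup, $user_in_groups)) {
        // Members of the authors group get author-only rights and no options.
        // A leftover debug `echo "AUTOR";` used to sit here and wrote that
        // string into the page output for every author; removed.
        $authoronly = true;
        $showoptions = false;
    } else {
        $author_trust_rating = 0; // best trust; the flag from module_settings.php is reset
    }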
// (Tail of an if/else that starts before this span: a page under $parent
// needs 'admin' rights on the parent, a top-level page needs the
// pages_add_l0 system permission instead.)
if (!$admin->get_page_permission($parent, 'admin')) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
} elseif (!$admin->get_permission('pages_add_l0', 'system')) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// check module permissions: the user must be allowed to use the module
// chosen for the first section (keeps the module name out of the include
// paths further down unless it is a permitted, installed module).
if (!$admin->get_permission($module, 'module')) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Validate data: empty title or dot-file style name
if ($title == '' || substr($title, 0, 1) == '.') {
    $admin->print_error($MESSAGE['PAGES_BLANK_PAGE_TITLE']);
}
// Check to see if page created has needed permissions: a non-admin may
// only create pages whose admin groups and viewing groups each contain at
// least one group they belong to, so they cannot lock themselves out.
// (The if-block continues past the end of the visible span; the viewing
// group result is evaluated there.)
if (!in_array(1, $admin->get_groups_id())) {
    $admin_perm_ok = false;
    foreach ($admin_groups as $adm_group) {
        if (in_array($adm_group, $admin->get_groups_id())) {
            $admin_perm_ok = true;
        }
    }
    if ($admin_perm_ok == false) {
        $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
    }
    $admin_perm_ok = false;
    foreach ($viewing_groups as $view_group) {
        if (in_array($view_group, $admin->get_groups_id())) {
            $admin_perm_ok = true;
        }
    }
$template = new Template(THEME_PATH . '/templates');
// Insert urls
// NOTE(review): LEPTON_PATH is a filesystem path; exposing it as a template
// variable means any template that prints it leaks the install location to
// the browser - check whether pages.htt actually needs it.
$template->set_var(array('THEME_URL' => THEME_URL, 'LEPTON_URL' => LEPTON_URL, 'LEPTON_PATH' => LEPTON_PATH, 'ADMIN_URL' => ADMIN_URL));
print_search_form();
print_list_page();
$template->set_file('page', 'pages.htt');
$template->set_block('page', 'main_block', 'main');

// Group list 1: one checkbox per group that may administer the page.
// NOTE(review): no ORDER BY - the unconditional fetchRow() below assumes the
// Administrators group (id 1) is the first row; add ORDER BY group_id to
// make that guaranteed rather than incidental.
$query = "SELECT * FROM " . TABLE_PREFIX . "groups";
$get_groups = $database->query($query);
$template->set_block('main_block', 'group_list_block', 'group_list');
// Insert admin group and current group first: rendered checked and
// disabled, so the form itself cannot toggle it.
$admin_group_name = $get_groups->fetchRow(MYSQL_ASSOC);
$template->set_var(array('ID' => 1, 'TOGGLE' => '1', 'DISABLED' => ' disabled="disabled"', 'LINK_COLOR' => '000000', 'CURSOR' => 'default', 'NAME' => $admin_group_name['name'], 'CHECKED' => ' checked="checked"'));
$template->parse('group_list', 'group_list_block', true);
// Hoisted: the current user's group ids do not change while rendering.
$admin_groups_id = $admin->get_groups_id();
// (This while-loop continues past the end of the visible span.)
while ($group = $get_groups->fetchRow(MYSQL_ASSOC)) {
    // check if the user is a member of this group; members' groups are
    // pre-checked but stay editable (the "disabled" value is commented out)
    $flag_disabled = '';
    $flag_checked = '';
    $flag_cursor = 'pointer';
    $flag_color = '';
    if (in_array($group["group_id"], $admin_groups_id)) {
        $flag_disabled = ''; //' disabled';
        $flag_checked = ' checked="checked"';
        $flag_cursor = 'default';
        $flag_color = '000000';
    }
    // Check if the group is allowed to edit pages (pages_modify system permission)
    $system_permissions = explode(',', $group['system_permissions']);
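// (Tail of a guard that starts before this span: bootstrap via class.secure.php.)
if (file_exists($root . '/framework/class.secure.php')) {
    include $root . '/framework/class.secure.php';
} else {
    trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
} // end include class.secure.php

global $TEXT;

// This endpoint answers with a small HTML fragment for the settings page;
// never let it be cached.
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
// The parameter syntax is charset=utf-8. The previous value "charset:utf-8;"
// is not a valid media-type parameter, so browsers ignored it and the
// fragment's charset was left to sniffing.
header("Content-Type: text/html; charset=utf-8");

// not needed, config is loaded with class.secure
// include realpath(dirname(__FILE__)).'/../../config.php';
include realpath(dirname(__FILE__)) . '/../../framework/class.admin.php';
$admin = new admin('Settings', 'settings_basic');

// Sending a test mail is restricted to members of group 1 (Administrators),
// on top of whatever the settings_basic permission grants.
// NOTE(review): no FTAN/CSRF check is visible for this action; it only mails
// the configured server address to itself, but confirm whether the caller
// supplies a token.
$curr_user_is_admin = in_array(1, $admin->get_groups_id());
if (!$curr_user_is_admin) {
    echo "<div style='border: 2px solid #CC0000; padding: 5px; text-align: center; background-color: #ffbaba;'>You're not allowed to use this function!</div>";
    exit;
}

// Load all settings keyed by upper-cased name. Values are HTML-escaped
// except the SMTP password, which must reach the mailer untouched.
// NOTE(review): the escaping is applied to SERVER_EMAIL as well, although it
// is used as an address below and not as HTML - an address containing '&'
// would be mangled. Escape at output time instead.
$settings = array();
$sql = 'SELECT `name`, `value` FROM `' . TABLE_PREFIX . 'settings`';
if ($res_settings = $database->query($sql)) {
    while ($row = $res_settings->fetchRow()) {
        $settings[strtoupper($row['name'])] = $row['name'] != 'wbmailer_smtp_password' ? htmlspecialchars($row['value']) : $row['value'];
    }
}

// Discard anything buffered so far so only the status fragment is returned.
ob_clean();

// send mail: from and to are both the configured server address.
// (This if-block continues past the end of the visible span.)
if ($admin->mail($settings['SERVER_EMAIL'], $settings['SERVER_EMAIL'], 'LEPTON PHP MAILER', $TEXT['WBMAILER_TESTMAIL_TEXT'])) {
    echo "<div style='border: 2px solid #006600; padding: 5px; text-align: center; background-color: #dff2bf;'>", $TEXT['WBMAILER_TESTMAIL_SUCCESS'], "</div>";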