// Create new template object
$template = new Template(dirname($admin->correct_theme_source('admintools.htt')));
// $template->debug = true;
$template->set_file('page', 'admintools.htt');
$template->set_block('page', 'main_block', 'main');
// Insert required template variables
$template->set_var('ADMIN_URL', ADMIN_URL);
$template->set_var('THEME_URL', THEME_URL);
$template->set_var('HEADING_ADMINISTRATION_TOOLS', $HEADING['ADMINISTRATION_TOOLS']);
// Insert tools into tool list
$template->set_block('main_block', 'tool_list_block', 'tool_list');
$sql = 'SELECT * FROM `' . TABLE_PREFIX . 'addons` WHERE `type` = \'module\' AND `function` = \'tool\' order by `name`';
$results = $database->query($sql);
if ($results->numRows() > 0) {
    while ($tool = $results->fetchRow()) {
        if ($admin->get_permission($tool['directory'], 'module')) {
            $template->set_var('TOOL_NAME', $tool['name']);
            $template->set_var('TOOL_DIR', $tool['directory']);
            // check if a module description exists for the displayed backend language
            $tool_description = false;
            if (function_exists('file_get_contents') && file_exists(WB_PATH . '/modules/' . $tool['directory'] . '/languages/' . LANGUAGE . '.php')) {
                // read contents of the module language file into string
                $data = @file_get_contents(WB_PATH . '/modules/' . $tool['directory'] . '/languages/' . LANGUAGE . '.php');
                $tool_description = get_variable_content('module_description', $data, true, false);
            }
            $template->set_var('TOOL_DESCRIPTION', $tool_description === False ? $tool['description'] : $tool_description);
            $template->parse('tool_list', 'tool_list_block', true);
        }
    }
} else {
    $template->set_var('TOOL_LIST', $TEXT['NONE_FOUND']);
            }
            $filetype_url = THEME_URL . '/images/files/' . $filetypeicon . '.png';
            $template->set_var(array('NAME' => $name, 'NAME_SLASHED' => addslashes($name), 'TEMP_ID' => $admin->getIDKEY($temp_id), 'LINK' => WB_URL . MEDIA_DIRECTORY . $directory . '/' . $name, 'LINK_TARGET' => '_blank', 'ROW_BG_COLOR' => $row_bg_color, 'FT_ICON' => empty($icon) ? $filetype_url : $icon, 'FILETYPE_ICON' => $filetype_url, 'MOUSEOVER' => $tooltip, 'IMAGEDETAIL' => $imgdetail, 'SIZE' => $bytes, 'DATE' => $date, 'PREVIEW' => $preview, 'IMAGE_TITLE' => $name, 'IMAGE_EXIST' => 'blank_16.gif'));
            $template->parse('list', 'list_block', true);
            // Code to alternate row colors
            if ($row_bg_color == 'FFF') {
                $row_bg_color = 'ECF1F3';
            } else {
                $row_bg_color = 'FFF';
            }
        }
    }
}
// If no files are in the media folder say so
if ($temp_id == 0) {
    $template->set_var('DISPLAY_LIST_TABLE', 'hide');
} else {
    $template->set_var('DISPLAY_NONE_FOUND', 'hide');
}
// Insert permissions values
if ($admin->get_permission('media_rename') != true) {
    $template->set_var('DISPLAY_RENAME', 'hide');
}
if ($admin->get_permission('media_delete') != true) {
    $template->set_var('DISPLAY_DELETE', 'hide');
}
// Insert language text and messages
$template->set_var(array('MEDIA_DIRECTORY' => MEDIA_DIRECTORY, 'TEXT_CURRENT_FOLDER' => $TEXT['CURRENT_FOLDER'], 'TEXT_RELOAD' => $TEXT['RELOAD'], 'TEXT_RENAME' => $TEXT['RENAME'], 'TEXT_DELETE' => $TEXT['DELETE'], 'TEXT_SIZE' => $TEXT['SIZE'], 'TEXT_DATE' => $TEXT['DATE'], 'TEXT_NAME' => $TEXT['NAME'], 'TEXT_TYPE' => $TEXT['TYPE'], 'TEXT_UP' => $TEXT['UP'], 'NONE_FOUND' => $MESSAGE['MEDIA']['NONE_FOUND'], 'CHANGE_SETTINGS' => $TEXT['MODIFY_SETTINGS'], 'CONFIRM_DELETE' => $MESSAGE['MEDIA']['CONFIRM_DELETE']));
// Parse template object
$template->parse('main', 'main_block', false);
$template->pparse('output', 'page');
<?php

/**
 * CMS module: Download Gallery 3
 * Copyright and more information see file info.php
 **/
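// Load the CMS configuration located two directories above this file.
require realpath(dirname(__FILE__) . '/../../config.php');
// check permissions
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Modules', 'module_view', false, false);
// Name of this module's directory: this file's directory with the normalized
// "<WB_PATH>/modules/" prefix stripped.
$dlgmodname = str_replace(str_replace('\\', '/', WB_PATH) . '/modules/', '', str_replace('\\', '/', dirname(__FILE__)));
if (!($admin->is_authenticated() && $admin->get_permission($dlgmodname, 'module'))) {
    header('Location: ../../index.php');
    // header() only queues the redirect; without stopping here the rest of the
    // script (including its database updates) would still run for this request.
    exit;
}
require_once WB_PATH . '/framework/class.order.php';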
// if there's no item_id, it should be a group
if (!isset($_POST['item_id'])) {
    if (!isset($_POST['group_id'])) {
    } else {
        $group_id = is_numeric($_POST['group_id']) ? $_POST['group_id'] : NULL;
        $prev_id = is_numeric($_POST['prev_id']) ? $_POST['prev_id'] : NULL;
        // new position
        $o = new order(TABLE_PREFIX . $tablename . '_groups', 'position', 'group_id', 'section_id');
        if ($group_id) {
            if ($prev_id) {
                $pos = $database->get_one('SELECT `position` FROM `' . TABLE_PREFIX . $tablename . "_groups` WHERE `group_id` = '" . $prev_id . "'");
            } else {
                $pos = 0;
            }
            $database->query("UPDATE `" . TABLE_PREFIX . $tablename . "_groups` SET `position` = '" . $pos++ . "' WHERE `group_id` = '" . $group_id . "'");
            $section_id = $database->get_one('SELECT `section_id` FROM `' . TABLE_PREFIX . $tablename . "_groups` WHERE `group_id` = '" . $group_id . "'");
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_group = true;
    }
}
// Deny access unless $in_group is set (assigned before this excerpt when one of the
// user's groups is in $old_admin_groups) or the user id is listed in $old_admin_users.
// array_search() returns the matching key or false, so is_numeric() is true only
// when the id was found under a numeric key.
if (!$in_group && !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
    // NOTE(review): writes the group id and user id into the response right before
    // the error page; looks like leftover debug output (see the commented print_r
    // below) — confirm and remove.
    print $admin->get_group_id() . $admin->get_user_id();
    // print_r ($old_admin_groups);
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// some additional security checks:
// Check whether the section_id belongs to the page_id at all
// NOTE(review): the lines below only verify that $section_id is numeric and that the
// user may use the section's module; the page/section match itself is presumably
// done inside get_section_details() — confirm.
if (!is_numeric($section_id)) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
} elseif ($section_id > 0) {
    // Look up the section, then require permission for the module that owns it
    $section = $admin->get_section_details($section_id, ADMIN_URL . '/pages/index.php');
    if (!$admin->get_permission($section['module'], 'module')) {
        $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL);
    }
}
// Workout if the developer wants to show the info banner
if (isset($print_info_banner) && $print_info_banner == true) {
    // Get page details already defined
    // Get display name of person who last modified the page
    $user = $admin->get_user_details($page['modified_by']);
    // Convert the unix ts for modified_when to human a readable form
    $modified_ts = 'Unknown';
    if ($page['modified_when'] != 0) {
        $modified_ts = gmdate(TIME_FORMAT . ', ' . DATE_FORMAT, $page['modified_when'] + TIMEZONE);
    }
    // Setup template object, parse vars to it, then parse it
    // Create new template object
$admin = new admin('Start', 'start');
// Build the template object for the start page and declare its blocks
$tpl = new Template(THEME_PATH . '/templates');
$tpl->debug = false;
$tpl->set_file('page', 'start.htt');
$tpl->set_block('page', 'main_block', 'main');
$tpl->set_block('main_block', 'show_preferences_block', 'show_preferences');
// The preferences block is always rendered
$tpl->parse('show_preferences', 'show_preferences_block', true);
// Warn in the page when the PHP installation still has register_globals switched on
$warning = '';
if (ini_get('register_globals')) {
    $warning = 'This PHP installation is insecure because register_globals is on! Please contact your administrator.';
}
// Values shown on the start page
$tpl->set_var(array(
    'WELCOME_MESSAGE' => $MESSAGE['START_WELCOME_MESSAGE'],
    'CURRENT_USER' => $MESSAGE['START_CURRENT_USER'],
    'DISPLAY_NAME' => $admin->get_display_name(),
    'ADMIN_URL' => ADMIN_URL,
    'LEPTON_URL' => LEPTON_URL,
    'THEME_URL' => THEME_URL,
    'NO_CONTENT' => '<p>&nbsp;</p>',
    'WARNING' => $warning,
));
// Each section block is rendered only when the user holds the matching permission;
// otherwise it is hidden via CSS and its block is emptied.
$tpl->set_block('main_block', 'show_pages_block', 'show_pages');
if ($admin->get_permission('pages')) {
    $tpl->parse('show_pages', 'show_pages_block', true);
} else {
    $tpl->set_var('DISPLAY_PAGES', 'display:none;');
    $tpl->set_block('show_pages', '');
}
$tpl->set_block('main_block', 'show_media_block', 'show_media');
if ($admin->get_permission('media')) {
    $tpl->parse('show_media', 'show_media_block', true);
} else {
    $tpl->set_var('DISPLAY_MEDIA', 'display:none;');
    $tpl->set_block('show_media', '');
}
$tpl->set_block('main_block', 'show_addons_block', 'show_addons');
if ($admin->get_permission('addons') != true) {
    $tpl->set_var('DISPLAY_ADDONS', 'display:none;');
$template = new Template(dirname($admin->correct_theme_source('languages.htt')));
// $template->debug = true;
$template->set_file('page', 'languages.htt');
$template->set_block('page', 'main_block', 'main');
// Insert values into language list
$template->set_block('main_block', 'language_list_block', 'language_list');
$result = $database->query("SELECT * FROM " . TABLE_PREFIX . "addons WHERE type = 'language' order by directory");
if ($result->numRows() > 0) {
    while ($addon = $result->fetchRow()) {
        $template->set_var('VALUE', $addon['directory']);
        $template->set_var('NAME', $addon['name'] . ' (' . $addon['directory'] . ')');
        $template->parse('language_list', 'language_list_block', true);
    }
}
// Insert permissions values
if ($admin->get_permission('languages_install') != true) {
    $template->set_var('DISPLAY_INSTALL', 'hide');
}
if ($admin->get_permission('languages_uninstall') != true) {
    $template->set_var('DISPLAY_UNINSTALL', 'hide');
}
if ($admin->get_permission('languages_view') != true) {
    $template->set_var('DISPLAY_LIST', 'hide');
}
// Insert language headings
$template->set_var(array('HEADING_INSTALL_LANGUAGE' => $HEADING['INSTALL_LANGUAGE'], 'HEADING_UNINSTALL_LANGUAGE' => $HEADING['UNINSTALL_LANGUAGE'], 'HEADING_LANGUAGE_DETAILS' => $HEADING['LANGUAGE_DETAILS']));
// insert urls
$template->set_var(array('ADMIN_URL' => ADMIN_URL, 'WB_URL' => WB_URL, 'THEME_URL' => THEME_URL, 'FTAN' => $admin->getFTAN()));
// Insert language text and messages
$template->set_var(array('URL_MODULES' => $admin->get_permission('modules') ? '<a href="' . ADMIN_URL . '/modules/index.php">' . $MENU['MODULES'] . '</a>' : '', 'URL_ADVANCED' => '&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;', 'URL_TEMPLATES' => $admin->get_permission('templates') ? '<a href="' . ADMIN_URL . '/templates/index.php">' . $MENU['TEMPLATES'] . '</a>' : '', 'TEXT_INSTALL' => $TEXT['INSTALL'], 'TEXT_UNINSTALL' => $TEXT['UNINSTALL'], 'TEXT_VIEW_DETAILS' => $TEXT['VIEW_DETAILS'], 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT']));
// Parse template object
// Load the module language file for the backend language (LANGUAGE constant);
// fall back to the bundled DE.php when no file exists for that language.
if (file_exists(WB_PATH . '/modules/foldergallery/languages/' . LANGUAGE . '.php')) {
    require_once WB_PATH . '/modules/foldergallery/languages/' . LANGUAGE . '.php';
} else {
    require_once WB_PATH . '/modules/foldergallery/languages/DE.php';
}
// First we prevent direct access and check for variables
if (!isset($_POST['action']) or !isset($_POST['recordsArray'])) {
    // now we redirect to index, if you are in subfolder use ../index.php
    header('Location: ../../index.php');
} else {
    // check if user has permissions to access the  module
    require_once WB_PATH . '/framework/class.admin.php';
    $admin = new admin('Modules', 'module_view', false, false);
    if (!($admin->is_authenticated() && $admin->get_permission('foldergallery', 'module'))) {
        die(header('Location: ../../index.php'));
    }
    // Sanitized variables
    $action = $admin->add_slashes($_POST['action']);
    $updateRecordsArray = isset($_POST['recordsArray']) ? $_POST['recordsArray'] : array();
    // This line verifies that in &action is not other text than "updateRecordsListings", if something else is inputed (to try to HACK the DB), there will be no DB access..
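    // Write the new positions: each submitted record id gets the next counter value.
    if ($action == "updateRecordsListings") {
        $listingCounter = 1;
        $output = "";
        foreach ($updateRecordsArray as $recordIDValue) {
            // The ids come straight from $_POST['recordsArray']; skip anything that is
            // not a scalar and cast to int so request data never becomes SQL text.
            if (!is_scalar($recordIDValue)) {
                continue;
            }
            $database->query("UPDATE `" . TABLE_PREFIX . "mod_foldergallery_categories` SET position = " . $listingCounter . " WHERE `id` = " . (int) $recordIDValue);
            $listingCounter++;
        }
        echo '<img src="' . WB_URL . '/modules/jsadmin/images/success.gif" style="vertical-align:middle;"/> <span style="font-size: 80%">' . $MOD_FOLDERGALLERY['REORDER_INFO_SUCESS'] . '</span>';
    }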
            $template->set_var('NAME', basename($path));
            $template->parse('upgrade_list', 'upgrade_list_block', true);
        }
        if (file_exists($path . '/uninstall.php')) {
            $show_block = true;
            $template->set_var('UNINSTALL_VISIBLE', '');
            $template->set_var('VALUE', basename($path));
            $template->set_var('NAME', basename($path));
            $template->parse('uninstall_list', 'uninstall_list_block', true);
        }
    } else {
        unset($module_files[$index]);
    }
}
// Insert permissions values
if ($admin->get_permission('modules_install') != true) {
    $template->set_var('DISPLAY_INSTALL', 'hide');
}
if ($admin->get_permission('modules_uninstall') != true) {
    $template->set_var('DISPLAY_UNINSTALL', 'hide');
}
if ($admin->get_permission('modules_view') != true) {
    $template->set_var('DISPLAY_LIST', 'hide');
}
// only show block if there is something to show
if (!$show_block || count($module_files) == 0 || !isset($_GET['advanced']) || $admin->get_permission('admintools') != true) {
    $template->set_var('DISPLAY_MANUAL_INSTALL', 'hide');
}
// Insert language headings
$template->set_var(array('HEADING_INSTALL_MODULE' => $HEADING['INSTALL_MODULE'], 'HEADING_UNINSTALL_MODULE' => $HEADING['UNINSTALL_MODULE'], 'OVERWRITE_NEWER_FILES' => $MESSAGE['ADDON_OVERWRITE_NEWER_FILES'], 'HEADING_MODULE_DETAILS' => $HEADING['MODULE_DETAILS'], 'HEADING_INVOKE_MODULE_FILES' => $HEADING['INVOKE_MODULE_FILES']));
// insert urls
} else {
    $title = htmlspecialchars($title, ENT_COMPAT, DEFAULT_CHARSET);
}
$module = $admin->get_post('type');
$parent = $admin->get_post('parent');
$visibility = $admin->get_post('visibility');
$admin_groups = $admin->get_post('admin_groups');
$viewing_groups = $admin->get_post('viewing_groups');
// add Admin and view groups
$admin_groups[] = 1;
$viewing_groups[] = 1;
if ($parent != 0) {
    if (!$admin->get_page_permission($parent, 'admin')) {
        $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
    }
} elseif (!$admin->get_permission('pages_add_l0', 'system')) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Validate data
if ($title == '' || substr($title, 0, 1) == '.') {
    $admin->print_error($MESSAGE['PAGES_BLANK_PAGE_TITLE']);
}
// Check to see if page created has needed permissions
if (!in_array(1, $admin->get_groups_id())) {
    $admin_perm_ok = false;
    foreach ($admin_groups as $adm_group) {
        if (in_array($adm_group, $admin->get_groups_id())) {
            $admin_perm_ok = true;
        }
    }
    if ($admin_perm_ok == false) {
// Insert values into the template object
$tpl->set_var(array('ADMIN_URL' => ADMIN_URL, 'THEME_URL' => THEME_URL, 'LEPTON_URL' => LEPTON_URL));
/**
 *	Setting up the blocks
 */
$tpl->set_block('main_block', "modules_block", "modules");
$tpl->set_block('main_block', "templates_block", "templates");
$tpl->set_block('main_block', "languages_block", "languages");
$tpl->set_block('main_block', "reload_block", "reload");
$tpl->set_block('main_block', 'show_advanced_block', 'show_advanced');
/**
 *	Insert permission values into the template object
 *	Obsolete as we are using blocks ... see "parsing the blocks" section
 */
$display_none = "style=\"display: none;\"";
if ($admin->get_permission('modules') != true) {
    $tpl->set_var('DISPLAY_MODULES', $display_none);
}
if ($admin->get_permission('templates') != true) {
    $tpl->set_var('DISPLAY_TEMPLATES', $display_none);
}
if ($admin->get_permission('languages') != true) {
    $tpl->set_var('DISPLAY_LANGUAGES', $display_none);
}
if ($admin->get_permission('admintools') != true) {
    $tpl->set_var('DISPLAY_ADVANCED', $display_none);
}
if ($admin->get_permission('admintools') != true) {
    $tpl->set_var('DISPLAY_ALL', $display_none);
}
$tpl->parse('show_advanced', 'show_advanced_block', true);
            </tr>
            </table>
            </li>
                            
            <?php 
            // Get subs
            make_list($page['page_id'], $editable_pages);
        }
    }
    ?>
    </ul>
    <?php 
    return $editable_pages;
}
// Generate pages list
if ($admin->get_permission('pages_view') == true) {
    ?>
    <table cellpadding="0" cellspacing="0" width="100%" border="0">
    <tr>
        <td>
            <h2><?php 
    echo $HEADING['DELETED_PAGES'];
    ?>
</h2>
        </td>
        <td align="right">
                <a href="<?php 
    echo ADMIN_URL;
    ?>
/pages/empty_trash.php">
                <img src="<?php 
        $template->set_var('FILE', $addon['directory']);
        $template->set_var('NAME', $addon['name']);
        $template->set_var('SELECTED', $addon['directory'] == $search_template ? ' selected="selected"' : '');
        $template->parse('search_template_list', 'search_template_list_block', true);
    }
}
// Insert default error reporting values
require ADMIN_PATH . '/interface/er_levels.php';
foreach ($ER_LEVELS as $value => $title) {
    $template->set_var('VALUE', $value);
    $template->set_var('NAME', $title);
    $template->set_var('SELECTED', ER_LEVEL == $value ? ' selected="selected"' : '');
    $template->parse('error_reporting_list', 'error_reporting_list_block', true);
}
// Insert permissions values
if ($admin->get_permission('settings_advanced') != true) {
    $template->set_var('DISPLAY_ADVANCED_BUTTON', 'hide');
}
// Insert page level limits
$template->set_var('PAGE_LEVEL_LIMIT', $settings['page_level_limit']);
// if select list
for ($i = 1; $i <= 10; $i++) {
    $template->set_var('NUMBER', $i);
    $template->set_var('SELECTED', PAGE_LEVEL_LIMIT == $i ? ' selected="selected"' : '');
    $template->parse('page_level_limit_list', 'page_level_limit_list_block', true);
}
// Work-out if multiple menus feature is enabled
if (defined('MULTIPLE_MENUS') && MULTIPLE_MENUS == true) {
    $template->set_var('MULTIPLE_MENUS_ENABLED', ' checked="checked"');
} else {
    $template->set_var('MULTIPLE_MENUS_DISABLED', ' checked="checked"');
// load outputfilter-functions
require_once dirname(dirname(__FILE__)) . "/functions.php";
$aJsonRespond = array();
$aJsonRespond['success'] = false;
$aJsonRespond['message'] = '';
$aJsonRespond['icon'] = '';
if (!isset($_POST['action']) || !isset($_POST['id'])) {
    $aJsonRespond['message'] = 'one of the parameters does not exist';
    exit(json_encode($aJsonRespond));
} else {
    $aRows = $_POST['id'];
    require_once '../../../config.php';
    // check if user has permissions to access the outputfilter_dashboard module
    require_once WB_PATH . '/framework/class.admin.php';
    $admin = new admin('admintools', 'admintools', false, false);
    if (!($admin->is_authenticated() && $admin->get_permission('outputfilter_dashboard', 'module'))) {
        $aJsonRespond['message'] = 'insuficcient rights';
        exit(json_encode($aJsonRespond));
    }
    // Sanitize variables
    $action = $admin->add_slashes($_POST['action']);
    if ($action == "updatePosition") {
        $i = array();
        $i_keys = array();
        foreach (opf_get_types() as $type => $typename) {
            $i[$type] = 1;
            $i_keys[] = $type;
        }
        foreach ($aRows as $recID) {
            $id = $admin->checkIDKEY($recID, 0, 'key', true);
            $filter = opf_get_data($id);
 * 
 * @platform    CMS WebsiteBaker 2.8.x
 * @package     addonMonitor
 * @author      Christian M. Stefan (Stefek)
 * @copyright   Christian M. Stefan
 * @license     http://www.gnu.org/licenses/gpl-2.0.html
 */
// Refuse direct requests: without WB_PATH (expected to be defined by the including
// CMS script) the visitor is redirected and the script stops.
if (!defined('WB_PATH')) {
    die(header('Location: ../index.php'));
}
// Load the admin class and create an admin object when the class is not known yet
if (class_exists('admin', false) === false) {
    $admin_header = false;
    include WB_PATH . '/framework/class.admin.php';
    $admin = new admin('admintools', 'admintools');
}
// Only users holding the admintools permission may go on
if ($admin->get_permission('admintools') == false) {
    die(header('Location: ../../index.php'));
}
// Module info and the helper functions of this AdminTool
require_once __DIR__ . '/info.php';
require_once __DIR__ . '/functions.php';
$sAddonDir = $module_directory;
// Register the bundled TWIG autoloader unless one is already available
// (needed for WebsiteBaker versions prior to 2.8.4 or derived systems)
if (class_exists('Twig_Autoloader') === false) {
    $sTwigAutoloader = __DIR__ . '/TwigTE/Twig/Autoloader.php';
    if (file_exists($sTwigAutoloader)) {
        include $sTwigAutoloader;
        Twig_Autoloader::register();
    }
}
                $template->set_var('SELECTED', ' disabled="disabled" class="disabled"');
                $list_next_level = false;
            } elseif ($can_modify != true) {
                $template->set_var('SELECTED', ' disabled="disabled" class="disabled"');
            } else {
                $template->set_var('SELECTED', '');
            }
            $template->parse('page_list2', 'page_list_block2', true);
        }
        if ($list_next_level) {
            parent_list($page['page_id']);
        }
    }
}
$template->set_block('main_block', 'page_list_block2', 'page_list2');
if ($admin->get_permission('pages_add_l0') == true or $results_array['level'] == 0) {
    if ($results_array['parent'] == 0) {
        $selected = ' selected="selected"';
    } else {
        $selected = '';
    }
    $template->set_var(array('ID' => '0', 'TITLE' => $TEXT['NONE'], 'SELECTED' => $selected));
    $template->parse('page_list2', 'page_list_block2', true);
}
parent_list(0);
if ($modified_ts == 'Unknown') {
    $template->set_var('DISPLAY_MODIFIED', 'hide');
} else {
    $template->set_var('DISPLAY_MODIFIED', '');
}
// Templates list
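// Create new template object
$template = new Template(dirname($admin->correct_theme_source('modules.htt')));
// $template->debug = true;
$template->set_file('page', 'modules.htt');
$template->set_block('page', 'main_block', 'main');
$template->set_block('main_block', 'module_install_block', 'module_install');
// Insert values into module list
$template->set_block('main_block', 'module_detail_block', 'module_detail');
$template->set_block('module_detail_block', 'module_detail_select_block', 'module_detail_select');
$template->set_block('main_block', 'module_uninstall_block', 'module_uninstall');
$template->set_block('module_uninstall_block', 'module_uninstall_select_block', 'module_uninstall_select');
// Modules that are never offered in the uninstall list
$aPreventFromUninstall = array('captcha_control', 'jsadmin', 'output_filter', 'wysiwyg', 'menu_link');
$sql = 'SELECT * FROM `' . TABLE_PREFIX . 'addons` ' . 'WHERE `type` =\'module\'' . 'ORDER BY `name`';
if ($oAddons = $database->query($sql)) {
    while ($aAddon = $oAddons->fetchRow(MYSQLI_ASSOC)) {
        // Modules the user has no permission for are not listed at all
        if (!$admin->get_permission($aAddon['directory'], 'module')) {
            continue;
        }
        $template->set_var('VALUE', $aAddon['directory']);
        $template->set_var('NAME', $aAddon['name']);
        $template->parse('module_detail_select', 'module_detail_select_block', true);
        // Compare the whole directory name (case-insensitively) with the protected list.
        // The former preg_match() used the directory name as an unescaped pattern
        // against the joined list, so a name that is merely a substring of a protected
        // module was hidden too and regex metacharacters in a name broke the pattern.
        if (!in_array(strtolower($aAddon['directory']), $aPreventFromUninstall, true)) {
            $template->set_var('UNINSTALL_VALUE', $aAddon['directory']);
            $template->set_var('UNINSTALL_NAME', $aAddon['name']);
            $template->parse('module_uninstall_select', 'module_uninstall_select_block', true);
        }
    }
}
// Set elsewhere to true once a manual install/upgrade/uninstall script is found
$show_block = false;
$template->set_block('main_block', 'module_advanced_block', 'module_advanced');
$template->set_block('module_advanced_block', 'manuell_install_block', 'manuell_install');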
 * ajax/save.php
 * This file gets $_POST Data sent by ajax and executes DB updates on fields
 * 
 * 
 * @platform    CMS WebsiteBaker 2.8.x
 * @package     wbSeoTool
 * @author      Christian M. Stefan (Stefek)
 * @copyright   Christian M. Stefan
 * @license     http://www.gnu.org/licenses/gpl-2.0.html
 */
// Load the CMS configuration
require '../../../config.php';
$bAdminHeader = FALSE;
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Pages', 'pages_settings', $bAdminHeader);
// check if user can change things to avoid any submission from a logged in not admin user
if ($admin->get_permission('pages_modify') == false) {
    exit;
}
// Create the Fields from Submission
// $_POST['id'] is split on "-": the first part is taken as the field name, the second
// as the page id. It is read without an isset() check, and $aFromString[1] does not
// exist when the value contains no "-".
$aFromString = explode("-", $_POST['id']);
// NOTE(review): $sDbField is request-controlled; confirm that the code after this
// excerpt only uses it when it is one of $aCheckPagesFields before it reaches a query.
$sDbField = $aFromString[0];
// intval() reduces the page id to an integer
$iPageId = intval($aFromString[1]);
//sanitize new value to update
// Order of operations: add_slashes(), then htmlspecialchars(), then "[[", "]]",
// newlines and tabs are stripped from the result.
$sNewValue = str_replace(array("[[", "]]", "\n", "\t"), '', htmlspecialchars($admin->add_slashes($admin->get_post('value'))));
// Fields this script knows about in the visible code
$aCheckPagesFields = array('page_title', 'description', 'keywords');
//	GET TOOL SETTINGS FROM DB (Json Array)
$jsonSettings = $database->get_one("SELECT `settings_json` FROM `" . TABLE_PREFIX . "mod_page_seo_tool`");
// Decode into an associative array
$aSettings = json_decode($jsonSettings, TRUE);
if (!defined('REWRITE_URL') && $aSettings['rewriteUrl']['use'] == TRUE) {
    define('REWRITE_URL', $aSettings['rewriteUrl']['dbString']);
    array_push($aCheckPagesFields, REWRITE_URL);
<?php

/*
	Drag'N'Drop Position
*/
if (!isset($_POST['action']) || !isset($_POST['row'])) {
    header('Location: ../../index.php');
} else {
    require '../../config.php';
    // Check if user has permissions to access the Bakery module
    require_once '../../framework/class.admin.php';
    $admin = new admin('Modules', 'module_view', false, false);
    if (!($admin->is_authenticated() && $admin->get_permission('bakery', 'module'))) {
        die(header('Location: ../../index.php'));
    }
    // Sanitize variable
    $action = $admin->add_slashes($_POST['action']);
    // We just get the array here, and few lines below we sanitize it
    $row = $_POST['row'];
    $sID = $database->get_one("SELECT section_id FROM " . TABLE_PREFIX . "mod_bakery_items WHERE item_id = " . intval($row[0]));
    /*
    Bakery isn't using ordering (ASC/DESC) so we comment this code
    
    $sorting = $database->get_one("SELECT ordering FROM ".TABLE_PREFIX."bakery_settings WHERE section_id = ".$sID." ");
    if($sorting == 1) // DESC == new first
    {
    	$row = array_reverse($row);
    }
    */
    // For security reasons (to prevent db hacks) this line verifies that
    // in the $action var there is no other text than "updatePosition"
/**
 * Check if there is anything to do: only the actions 'install', 'upgrade' and
 * 'uninstall' are accepted; anything else redirects back to the advanced view.
 */
if (!(isset($_POST['action']) && in_array($_POST['action'], array('install', 'upgrade', 'uninstall')))) {
    die(header('Location: index.php?advanced'));
}
// 'file' must be present, non-empty and must not contain '..'.
// NOTE(review): this only rejects parent-directory sequences; confirm that the code
// using 'file' after this excerpt also restricts it to an existing module directory.
if (!(isset($_POST['file']) && $_POST['file'] != '' && strpos($_POST['file'], '..') === false)) {
    die(header('Location: index.php?advanced'));
}
/**
 * Check if the user has permission to access this file
 */
require_once '../../framework/class.admin.php';
// check user permissions for admintools (redirect users with wrong permissions)
$admin = new admin('Admintools', 'admintools', false, false);
if ($admin->get_permission('admintools') == false) {
    die(header('Location: ../../index.php'));
}
// Read the referer URL if available ($HTTP_SERVER_VARS is the legacy fallback array)
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : (isset($HTTP_SERVER_VARS['HTTP_REFERER']) ? $HTTP_SERVER_VARS['HTTP_REFERER'] : '');
// if referer is set, check if script was invoked from "admin/modules/index.php"
// NOTE(review): the Referer header is supplied by the client, an empty value passes
// this check, and strpos() accepts the required URL anywhere inside the value. Treat
// this as a convenience check only; a per-request token would be the real protection,
// and the match should at least be anchored at offset 0.
$required_url = ADMIN_URL . '/modules/index.php';
if ($referer != '' && !(strpos($referer, $required_url) !== false)) {
    die(header('Location: ../../index.php'));
}
// include the framework functions file
require_once LEPTON_PATH . '/framework/summary.functions.php';
// load the language file for the current LANGUAGE
require_once LEPTON_PATH . '/languages/' . LANGUAGE . '.php';
// create Admin object with admin header (replaces the object created for the permission check above)
$admin = new admin('Addons', '', true, false);
    $configFile = dirname(dirname(dirname(dirname(dirname(dirname(__DIR__)))))) . '/config.php';
    if (is_readable($configFile)) {
        require $configFile;
    } else {
        die('tried to read a nonexisting configFile [' . basename($configFile) . ']!! ');
    }
}
//$oReg = WbAdaptor::getInstance();
// Load the admin class unless it is already defined
if (!class_exists('admin', false)) {
    include WB_PATH . '/framework/class.admin.php';
}
// Normalize the installation path.
// NOTE(review): the second call starts again from WB_PATH instead of $wb_path, so the
// backslash replacement of the first line is discarded — looks unintended, confirm.
$wb_path = str_replace('\\', '/', WB_PATH);
$wb_path = str_replace('//', '/', WB_PATH);
// check if the user is authenticated in WB and has permission to view the MEDIA folder
$admin = new admin('Media', 'media_view', false, false);
// NOTE(review): $Config['Enabled'] is only assigned inside this branch; confirm it
// defaults to false elsewhere so users without media_view cannot use the connector.
if ($admin->get_permission('media_view') === true) {
    // user allowed to view MEDIA folder -> enable PHP connector
    $Config['Enabled'] = true;
    // allow actions to list folders and files
    $Config['ConfigAllowedCommands'] = array('GetFolders', 'GetFoldersAndFiles');
}
// Path to user files relative to the document root.
// $Config['UserFilesPath'] = '/userfiles/' ;
$Config['UserFilesPath'] = WB_URL . MEDIA_DIRECTORY . '/';
// use home folder of current user as document root if available
// NOTE(review): the session value is appended to the path as-is; presumably it is set
// by the CMS at login — verify it cannot contain '..' or point outside MEDIA_DIRECTORY.
if (isset($_SESSION['HOME_FOLDER']) && file_exists($wb_path . MEDIA_DIRECTORY . $_SESSION['HOME_FOLDER'])) {
    $Config['UserFilesPath'] = $Config['UserFilesPath'] . $_SESSION['HOME_FOLDER'];
}
// Fill the following value it you prefer to specify the absolute path for the
// user files directory. Useful if you are using a virtual directory, symbolic
// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
    $template->set_var('VALUE', '');
    $template->set_var('NAME', $TEXT['PLEASE_SELECT'] . '...');
    $template->parse('list', 'list_block', true);
    // Loop through groups
    while ($group = $results->fetchRow(MYSQLI_ASSOC)) {
        $template->set_var('VALUE', $admin->getIDKEY($group['group_id']));
        $template->set_var('NAME', $group['name']);
        $template->parse('list', 'list_block', true);
    }
} else {
    // Insert single value to say no groups were found
    $template->set_var('NAME', $TEXT['NONE_FOUND']);
    $template->parse('list', 'list_block', true);
}
// Insert permissions values
if ($admin->get_permission('groups_add') != true) {
    $template->set_var('DISPLAY_ADD', 'hide');
}
if ($admin->get_permission('groups_modify') != true) {
    $template->set_var('DISPLAY_MODIFY', 'hide');
}
if ($admin->get_permission('groups_delete') != true) {
    $template->set_var('DISPLAY_DELETE', 'hide');
}
// Insert language headings
$template->set_var(array('HEADING_MODIFY_DELETE_GROUP' => $HEADING['MODIFY_DELETE_GROUP'], 'HEADING_ADD_GROUP' => $HEADING['ADD_GROUP']));
// Insert language text and messages
$template->set_var(array('TEXT_MODIFY' => $TEXT['MODIFY'], 'TEXT_DELETE' => $TEXT['DELETE'], 'TEXT_MANAGE_USERS' => $admin->get_permission('users') == true ? $TEXT['MANAGE_USERS'] : "", 'CONFIRM_DELETE' => $TEXT['GROUP'] . ' ' . $TEXT['DELETE'] . ', ' . $TEXT['ARE_YOU_SURE']));
if ($admin->get_permission('users') == true) {
    $template->parse("users", "manage_users_block", true);
}
    $template->set_var('VALUE', '');
    $template->set_var('NAME', $TEXT['PLEASE_SELECT'] . '...');
    $template->parse('list', 'list_block', true);
    // Loop through users
    while (false != ($user = $results->fetchRow(MYSQL_ASSOC))) {
        $template->set_var('VALUE', $user['user_id']);
        $template->set_var('NAME', $user['display_name'] . ' (' . $user['username'] . ')');
        $template->parse('list', 'list_block', true);
    }
} else {
    // Insert single value to say no users were found
    $template->set_var('NAME', $TEXT['NONE_FOUND']);
    $template->parse('list', 'list_block', true);
}
// Mark the add / modify / delete controls for users the current admin may not use.
// NOTE(review): 'hide' looks like a CSS class, so this is presentation only; the
// scripts behind these controls must enforce the same permissions server-side.
if (!$admin->get_permission('users_add')) {
    $template->set_var('DISPLAY_ADD', 'hide');
}
if (!$admin->get_permission('users_modify')) {
    $template->set_var('DISPLAY_MODIFY', 'hide');
}
if (!$admin->get_permission('users_delete')) {
    $template->set_var('DISPLAY_DELETE', 'hide');
}
// Language headings
$template->set_var(array(
    'HEADING_MODIFY_DELETE_USER' => $HEADING['MODIFY_DELETE_USER'],
    'HEADING_ADD_USER' => $HEADING['ADD_USER'],
));
// URLs and paths
// NOTE(review): LEPTON_PATH is named like a filesystem path; if the template prints it,
// the server's directory layout ends up in the page - confirm it is needed.
$template->set_var(array(
    'ADMIN_URL' => ADMIN_URL,
    'LEPTON_URL' => LEPTON_URL,
    'LEPTON_PATH' => LEPTON_PATH,
    'THEME_URL' => THEME_URL,
));
// Language text and messages; without the 'groups' permission the label is the literal '**'
$template->set_var(array(
    'TEXT_MODIFY' => $TEXT['MODIFY'],
    'TEXT_DELETE' => $TEXT['DELETE'],
    'TEXT_MANAGE_GROUPS' => $admin->get_permission('groups') ? $TEXT['MANAGE_GROUPS'] : '**',
    'CONFIRM_DELETE' => $MESSAGE['USERS_CONFIRM_DELETE'],
));
if ($admin->get_permission('groups') == true) {
    require WB_PATH . '/framework/class.admin.php';
}
$admin = new admin('Addons', 'languages');
// Build the template object for languages.htt from the active theme
$template = new Template(dirname($admin->correct_theme_source('languages.htt')));
// $template->debug = true;
$template->set_file('page', 'languages.htt');
$template->set_block('page', 'main_block', 'main');
// Blocks for the "language details" select list
$template->set_block('main_block', 'language_detail_block', 'language_detail');
$template->set_block('language_detail_block', 'language_detail_select_block', 'language_detail_select');
// All installed language addons, ordered by directory
$sql = 'SELECT * FROM `' . TABLE_PREFIX . 'addons` WHERE `type` =\'language\'ORDER BY `directory`';
$oAddons = $database->query($sql);
if ($oAddons) {
    while ($aAddon = $oAddons->fetchRow(MYSQLI_ASSOC)) {
        // Only languages the current admin is permitted to use are listed
        if ($admin->get_permission($aAddon['directory'], 'language')) {
            $template->set_var('VALUE', $aAddon['directory']);
            $template->set_var('NAME', $aAddon['name'] . ' (' . $aAddon['directory'] . ')');
            $template->parse('language_detail_select', 'language_detail_select_block', true);
        }
    }
}
// Blocks for the "uninstall language" select list
$template->set_block('main_block', 'language_uninstall_block', 'language_uninstall');
$template->set_block('language_uninstall_block', 'language_uninstall_select_block', 'language_uninstall_select');
// NOTE(review): the query result was tested for truthiness above, but rewind() is
// called without that guard - a failed query would end in a fatal error here.
$oAddons->rewind();
while ($aAddon = $oAddons->fetchRow(MYSQLI_ASSOC)) {
    if (!$admin->get_permission($aAddon['directory'], 'language')) {
        continue;
    }
    $template->set_var('VALUE', $aAddon['directory']);
$template->set_block('page', 'main_block', 'main');
// Base URLs used by the template
$template->set_var(array(
    'ADMIN_URL' => ADMIN_URL,
    'THEME_URL' => THEME_URL,
    'WB_URL' => WB_URL,
));
/**
 *	Register the blocks of the main block
 */
$template->set_block('main_block', 'modules_block', 'modules');
$template->set_block('main_block', 'templates_block', 'templates');
$template->set_block('main_block', 'languages_block', 'languages');
$template->set_block('main_block', 'reload_block', 'reload');
/**
 *	Permission-dependent display attributes.
 *	Marked obsolete by the original author because blocks are used instead.
 *	NOTE(review): an inline "display: none" hides markup only; the target scripts
 *	still have to check the permission on their own.
 */
$display_none = 'style="display: none;"';
if (!$admin->get_permission('modules')) {
    $template->set_var('DISPLAY_MODULES', $display_none);
}
if (!$admin->get_permission('templates')) {
    $template->set_var('DISPLAY_TEMPLATES', $display_none);
}
if (!$admin->get_permission('languages')) {
    $template->set_var('DISPLAY_LANGUAGES', $display_none);
}
if (!$admin->get_permission('admintools')) {
    $template->set_var('DISPLAY_ADVANCED', $display_none);
}
// The reload section is shown only when ?advanced is present AND 'admintools' is granted
if (!(isset($_GET['advanced']) && $admin->get_permission('admintools'))) {
    $template->set_var('DISPLAY_RELOAD', $display_none);
}
/**
            <?php 
            if ($page['parent'] == 0) {
                $page_tmp_id = $page['page_id'];
            }
            // Get subs
            $editable_pages = make_list($page['page_id'], $editable_pages);
            print '</li>' . "\n";
        }
    }
    $output = $par['num_subs'] ? '</ul>' . "\n" : '';
    $par['num_subs'] = empty($output) ? 1 : $par['num_subs'];
    print $output;
    return $editable_pages;
}
// Generate pages list
if ($admin->get_permission('pages_view') == true) {
    ?>
    <div class="jsadmin hide"></div>
    <table summary="<?php 
    echo $HEADING['MODIFY_DELETE_PAGE'];
    ?>
" cellpadding="0" cellspacing="0" width="100%">
    <thead>
    <tr>
        <td>
            <h2><?php 
    echo $HEADING['MODIFY_DELETE_PAGE'];
    ?>
</h2>
        </td>
        <td align="right"></td>
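// fix secunia 2010-91-2
// The two group lists are read through get_post(), i.e. presumably from the request
// body, so neither their type nor their content is guaranteed.
$admin_groups = $admin->get_post('admin_groups');
$viewing_groups = $admin->get_post('viewing_groups');
// A scalar value would make the `[] = 1` appends below stop with a fatal error,
// so anything that is not an array is treated as "no groups selected".
// NOTE(review): the array elements themselves are still unvalidated at this point.
if (!is_array($admin_groups)) {
    $admin_groups = array();
}
if (!is_array($viewing_groups)) {
    $viewing_groups = array();
}
// Work-out if we should check for existing page_code
$field_set = $database->field_exists(TABLE_PREFIX . 'pages', 'page_code');
// add Admin (group id 1) to admin and viewing-groups
$admin_groups[] = 1;
$viewing_groups[] = 1;
// After check print the header
$admin->print_header();
// NOTE(review): every check below only protects the code after it if print_error()
// ends the request; that is not visible here - confirm.
// check parent page permissions: a sub page needs admin rights on its parent,
// a root-level page needs the 'pages_add_l0' system permission
if ($parent != 0) {
    if (!$admin->get_page_permission($parent, 'admin')) {
        $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
    }
} elseif (!$admin->get_permission('pages_add_l0', 'system')) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// check module permissions:
if (!$admin->get_permission($module, 'module')) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Validate data: the title must not be empty and must not start with a dot
if ($title == '' || substr($title, 0, 1) == '.') {
    $admin->print_error($MESSAGE['PAGES_BLANK_PAGE_TITLE']);
}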
// Check to see if page created has needed permissions
if (!in_array(1, $admin->get_groups_id())) {
    $admin_perm_ok = false;
    foreach ($admin_groups as $adm_group) {
        if (in_array($adm_group, $admin->get_groups_id())) {
Exemple #27
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// end include class.secure.php
// Load the addon precheck summary and the admin class from the framework directory
require_once LEPTON_PATH . '/framework/summary.addon_precheck.php';
require_once LEPTON_PATH . '/framework/class.admin.php';
// create Admin object with admin header
// check user permissions for admintools (redirect users with wrong permissions)
$admin = new admin('Admintools', 'admintools', true);
// Message lists, both start empty; presumably filled by the reload steps that follow
$msg = array();
$error_msg = array();
// Relative link back to the index page with the advanced view switched on
$backlink = 'index.php?advanced=yes';
if ($admin->get_permission('admintools') == true) {
    /*'reload_all', not yet*/
    $post_check = array('reload_modules', 'reload_templates', 'reload_languages');
    /**
     * check if there is anything to do
     */
    foreach ($post_check as $index => $key) {
        if (!isset($_POST[$key]) && !isset($_POST['reload_all'])) {
            unset($post_check[$index]);
        }
    }
    if (count($post_check) == 0) {
        $error_msg[] = '<span class="normal bold red">' . $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'] . '</span>';
    } else {
        /**
         * check if user has permissions to access this file
        $page_id = (int) $_GET['page_id'];
        $section_id = (int) $_GET['section_id'];
    } else {
        $page_id = (int) $_POST['page_id'];
        $section_id = (int) $_POST['section_id'];
    }
} else {
    if (!isset($admin)) {
        require_once WB_PATH . '/modules/admin.php';
    }
    //if (!isset($admin)).. Darf man das?
}
// Stop without any output unless the caller is logged in and may use this module
if (!$admin->is_authenticated() || !$admin->get_permission($mod_dir, 'module')) {
    die;
}
// Load the module language file for the backend language, EN.php when it is missing
// NOTE(review): $mod_dir and LANGUAGE end up in include paths; both are assumed to be
// fixed by the installation and never taken from the request - verify at their origin.
if (LANGUAGE_LOADED) {
    require_once WB_PATH . '/modules/' . $mod_dir . '/languages/'
        . (file_exists(WB_PATH . '/modules/' . $mod_dir . '/languages/' . LANGUAGE . '.php') ? LANGUAGE : 'EN')
        . '.php';
}
require_once WB_PATH . '/modules/' . $mod_dir . '/functions_small.php';
if (isset($section_id)) {
    $topic_id = 0;
    if (isset($_REQUEST['topic_id'])) {
// Build the template object for access.htt from the active theme
$template = new Template(dirname($admin->correct_theme_source('access.htt')));
// $template->debug = true;
$template->set_file('page', 'access.htt');
$template->set_block('page', 'main_block', 'main');
$template->set_block('main_block', 'users_block', 'user');
$template->set_block('main_block', 'groups_block', 'group');
// Base URLs used by the template
$template->set_var(array(
    'ADMIN_URL' => ADMIN_URL,
    'THEME_URL' => THEME_URL,
    'WB_URL' => WB_URL,
));
/**
 *    Permission-dependent display attributes.
 *    Deprecated by the original author - blocks are used instead.
 *    NOTE(review): "display: none" hides markup only; the users and groups
 *    pages themselves have to enforce the permission.
 */
$display_none = 'style="display: none;"';
if (!$admin->get_permission('users')) {
    $template->set_var('DISPLAY_USERS', $display_none);
}
if (!$admin->get_permission('groups')) {
    $template->set_var('DISPLAY_GROUPS', $display_none);
}
// Section names and descriptions
$template->set_var(array(
    'USERS' => $MENU['USERS'],
    'GROUPS' => $MENU['GROUPS'],
    'ACCESS' => $MENU['ACCESS'],
    'USERS_OVERVIEW' => $OVERVIEW['USERS'],
    'GROUPS_OVERVIEW' => $OVERVIEW['GROUPS'],
));
// A section block is parsed only when the matching permission is granted
if ($admin->get_permission('users')) {
    $template->parse('main_block', 'users_block', true);
}
if ($admin->get_permission('groups')) {
    $template->parse('main_block', 'groups_block', true);
}
// Parse template object
$template->parse('main', 'main_block', false);
Exemple #30
         *	Try to get the "uninstall" information for this template.
         */
        $temp_filename = LEPTON_PATH . "/templates/" . $addon['directory'] . "/info.php";
        if (file_exists($temp_filename)) {
            $template_delete = true;
            require $temp_filename;
            if (true === $template_delete) {
                $template->set_var('VALUE', $addon['directory']);
                $template->set_var('NAME', $addon['name']);
                $template->parse('template_uninstall_list', 'template_uninstall_list_block', true);
            }
        }
    }
}
// Mark the install / uninstall / details sections the current admin may not use.
// NOTE(review): 'hide' looks like a CSS class, so this is presentation only; the
// install and uninstall handlers must check these permissions again server-side.
if (!$admin->get_permission('templates_install')) {
    $template->set_var('DISPLAY_INSTALL', 'hide');
}
if (!$admin->get_permission('templates_uninstall')) {
    $template->set_var('DISPLAY_UNINSTALL', 'hide');
}
if (!$admin->get_permission('templates_view')) {
    $template->set_var('DISPLAY_LIST', 'hide');
}
// Language headings
$template->set_var(array(
    'HEADING_INSTALL_TEMPLATE' => $HEADING['INSTALL_TEMPLATE'],
    'HEADING_UNINSTALL_TEMPLATE' => $HEADING['UNINSTALL_TEMPLATE'],
    'HEADING_TEMPLATE_DETAILS' => $HEADING['TEMPLATE_DETAILS'],
));
// Language text and messages. The three URL_* entries are ready-made links to the
// other addon pages and stay empty when the matching permission is missing.
// NOTE(review): the $MENU / $TEXT labels are concatenated into HTML unescaped, so
// the language files are assumed to be trusted.
$template->set_var(array(
    'URL_MODULES' => $admin->get_permission('modules')
        ? '<a class="button" href="' . ADMIN_URL . '/modules/index.php">' . $MENU['MODULES'] . '</a>'
        : '',
    'URL_LANGUAGES' => $admin->get_permission('languages')
        ? '<a class="button" href="' . ADMIN_URL . '/languages/index.php">' . $MENU['LANGUAGES'] . '</a>'
        : '',
    'URL_ADVANCED' => $admin->get_permission('admintools')
        ? '<a class="button" href="' . ADMIN_URL . '/modules/index.php?advanced">' . $TEXT['ADVANCED'] . '</a>'
        : '',
    'TEXT_INSTALL' => $TEXT['INSTALL'],
    'TEXT_UNINSTALL' => $TEXT['UNINSTALL'],
    'TEXT_VIEW_DETAILS' => $TEXT['VIEW_DETAILS'],
    'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
    'CHANGE_TEMPLATE_NOTICE' => $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'],
));
// Parse the main block, then print the finished page
$template->parse('main', 'main_block', false);
$template->pparse('output', 'page');