// Create new template object $template = new Template(dirname($admin->correct_theme_source('admintools.htt'))); // $template->debug = true; $template->set_file('page', 'admintools.htt'); $template->set_block('page', 'main_block', 'main'); // Insert required template variables $template->set_var('ADMIN_URL', ADMIN_URL); $template->set_var('THEME_URL', THEME_URL); $template->set_var('HEADING_ADMINISTRATION_TOOLS', $HEADING['ADMINISTRATION_TOOLS']); // Insert tools into tool list $template->set_block('main_block', 'tool_list_block', 'tool_list'); $sql = 'SELECT * FROM `' . TABLE_PREFIX . 'addons` WHERE `type` = \'module\' AND `function` = \'tool\' order by `name`'; $results = $database->query($sql); if ($results->numRows() > 0) { while ($tool = $results->fetchRow()) { if ($admin->get_permission($tool['directory'], 'module')) { $template->set_var('TOOL_NAME', $tool['name']); $template->set_var('TOOL_DIR', $tool['directory']); // check if a module description exists for the displayed backend language $tool_description = false; if (function_exists('file_get_contents') && file_exists(WB_PATH . '/modules/' . $tool['directory'] . '/languages/' . LANGUAGE . '.php')) { // read contents of the module language file into string $data = @file_get_contents(WB_PATH . '/modules/' . $tool['directory'] . '/languages/' . LANGUAGE . '.php'); $tool_description = get_variable_content('module_description', $data, true, false); } $template->set_var('TOOL_DESCRIPTION', $tool_description === False ? $tool['description'] : $tool_description); $template->parse('tool_list', 'tool_list_block', true); } } } else { $template->set_var('TOOL_LIST', $TEXT['NONE_FOUND']);
} $filetype_url = THEME_URL . '/images/files/' . $filetypeicon . '.png'; $template->set_var(array('NAME' => $name, 'NAME_SLASHED' => addslashes($name), 'TEMP_ID' => $admin->getIDKEY($temp_id), 'LINK' => WB_URL . MEDIA_DIRECTORY . $directory . '/' . $name, 'LINK_TARGET' => '_blank', 'ROW_BG_COLOR' => $row_bg_color, 'FT_ICON' => empty($icon) ? $filetype_url : $icon, 'FILETYPE_ICON' => $filetype_url, 'MOUSEOVER' => $tooltip, 'IMAGEDETAIL' => $imgdetail, 'SIZE' => $bytes, 'DATE' => $date, 'PREVIEW' => $preview, 'IMAGE_TITLE' => $name, 'IMAGE_EXIST' => 'blank_16.gif')); $template->parse('list', 'list_block', true); // Code to alternate row colors if ($row_bg_color == 'FFF') { $row_bg_color = 'ECF1F3'; } else { $row_bg_color = 'FFF'; } } } } // If no files are in the media folder say so if ($temp_id == 0) { $template->set_var('DISPLAY_LIST_TABLE', 'hide'); } else { $template->set_var('DISPLAY_NONE_FOUND', 'hide'); } // Insert permissions values if ($admin->get_permission('media_rename') != true) { $template->set_var('DISPLAY_RENAME', 'hide'); } if ($admin->get_permission('media_delete') != true) { $template->set_var('DISPLAY_DELETE', 'hide'); } // Insert language text and messages $template->set_var(array('MEDIA_DIRECTORY' => MEDIA_DIRECTORY, 'TEXT_CURRENT_FOLDER' => $TEXT['CURRENT_FOLDER'], 'TEXT_RELOAD' => $TEXT['RELOAD'], 'TEXT_RENAME' => $TEXT['RENAME'], 'TEXT_DELETE' => $TEXT['DELETE'], 'TEXT_SIZE' => $TEXT['SIZE'], 'TEXT_DATE' => $TEXT['DATE'], 'TEXT_NAME' => $TEXT['NAME'], 'TEXT_TYPE' => $TEXT['TYPE'], 'TEXT_UP' => $TEXT['UP'], 'NONE_FOUND' => $MESSAGE['MEDIA']['NONE_FOUND'], 'CHANGE_SETTINGS' => $TEXT['MODIFY_SETTINGS'], 'CONFIRM_DELETE' => $MESSAGE['MEDIA']['CONFIRM_DELETE'])); // Parse template object $template->parse('main', 'main_block', false); $template->pparse('output', 'page');
<?php /** * CMS module: Download Gallery 3 * Copyright and more information see file info.php **/ require realpath(dirname(__FILE__) . '/../../config.php'); // check permissions require_once WB_PATH . '/framework/class.admin.php'; $admin = new admin('Modules', 'module_view', false, false); $dlgmodname = str_replace(str_replace('\\', '/', WB_PATH) . '/modules/', '', str_replace('\\', '/', dirname(__FILE__))); if (!($admin->is_authenticated() && $admin->get_permission($dlgmodname, 'module'))) { header('Location: ../../index.php'); } require_once WB_PATH . '/framework/class.order.php'; // if there's no item_id, it should be a group if (!isset($_POST['item_id'])) { if (!isset($_POST['group_id'])) { } else { $group_id = is_numeric($_POST['group_id']) ? $_POST['group_id'] : NULL; $prev_id = is_numeric($_POST['prev_id']) ? $_POST['prev_id'] : NULL; // new position $o = new order(TABLE_PREFIX . $tablename . '_groups', 'position', 'group_id', 'section_id'); if ($group_id) { if ($prev_id) { $pos = $database->get_one('SELECT `position` FROM `' . TABLE_PREFIX . $tablename . "_groups` WHERE `group_id` = '" . $prev_id . "'"); } else { $pos = 0; } $database->query("UPDATE `" . TABLE_PREFIX . $tablename . "_groups` SET `position` = '" . $pos++ . "' WHERE `group_id` = '" . $group_id . "'"); $section_id = $database->get_one('SELECT `section_id` FROM `' . TABLE_PREFIX . $tablename . "_groups` WHERE `group_id` = '" . $group_id . "'");
if (in_array($cur_gid, $old_admin_groups)) { $in_group = true; } } if (!$in_group && !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) { print $admin->get_group_id() . $admin->get_user_id(); // print_r ($old_admin_groups); $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']); } // some additional security checks: // Check whether the section_id belongs to the page_id at all if (!is_numeric($section_id)) { $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); } elseif ($section_id > 0) { $section = $admin->get_section_details($section_id, ADMIN_URL . '/pages/index.php'); if (!$admin->get_permission($section['module'], 'module')) { $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL); } } // Workout if the developer wants to show the info banner if (isset($print_info_banner) && $print_info_banner == true) { // Get page details already defined // Get display name of person who last modified the page $user = $admin->get_user_details($page['modified_by']); // Convert the unix ts for modified_when to human a readable form $modified_ts = 'Unknown'; if ($page['modified_when'] != 0) { $modified_ts = gmdate(TIME_FORMAT . ', ' . DATE_FORMAT, $page['modified_when'] + TIMEZONE); } // Setup template object, parse vars to it, then parse it // Create new template object
$admin = new admin('Start', 'start'); // Setup template object $tpl = new Template(THEME_PATH . '/templates'); $tpl->debug = false; $tpl->set_file('page', 'start.htt'); $tpl->set_block('page', 'main_block', 'main'); $tpl->set_block('main_block', 'show_preferences_block', 'show_preferences'); // first set all blocks to visible $tpl->parse('show_preferences', 'show_preferences_block', true); // Check register_globals: $warning = ini_get('register_globals') ? 'This PHP installation is insecure because register_globals is on! Please contact your administrator.' : ''; // Insert values into the template object $tpl->set_var(array('WELCOME_MESSAGE' => $MESSAGE['START_WELCOME_MESSAGE'], 'CURRENT_USER' => $MESSAGE['START_CURRENT_USER'], 'DISPLAY_NAME' => $admin->get_display_name(), 'ADMIN_URL' => ADMIN_URL, 'LEPTON_URL' => LEPTON_URL, 'THEME_URL' => THEME_URL, 'NO_CONTENT' => '<p> </p>', 'WARNING' => $warning)); // Insert permission values into the template object $tpl->set_block('main_block', 'show_pages_block', 'show_pages'); if ($admin->get_permission('pages') != true) { $tpl->set_var('DISPLAY_PAGES', 'display:none;'); $tpl->set_block('show_pages', ''); } else { $tpl->parse('show_pages', 'show_pages_block', true); } $tpl->set_block('main_block', 'show_media_block', 'show_media'); if ($admin->get_permission('media') != true) { $tpl->set_var('DISPLAY_MEDIA', 'display:none;'); $tpl->set_block('show_media', ''); } else { $tpl->parse('show_media', 'show_media_block', true); } $tpl->set_block('main_block', 'show_addons_block', 'show_addons'); if ($admin->get_permission('addons') != true) { $tpl->set_var('DISPLAY_ADDONS', 'display:none;');
// Page template for the language add-on overview
$template = new Template(dirname($admin->correct_theme_source('languages.htt')));
$template->set_file('page', 'languages.htt');
$template->set_block('page', 'main_block', 'main');

// One entry per installed language add-on: the directory is the value, "name (directory)" the label
$template->set_block('main_block', 'language_list_block', 'language_list');
$result = $database->query("SELECT * FROM " . TABLE_PREFIX . "addons WHERE type = 'language' order by directory");
if ($result->numRows() > 0) {
    while ($addon = $result->fetchRow()) {
        $template->set_var(array(
            'VALUE' => $addon['directory'],
            'NAME'  => $addon['name'] . ' (' . $addon['directory'] . ')',
        ));
        $template->parse('language_list', 'language_list_block', true);
    }
}

// Hide the install / uninstall / details sections the current user may not use
$aPermissionToggles = array(
    'languages_install'   => 'DISPLAY_INSTALL',
    'languages_uninstall' => 'DISPLAY_UNINSTALL',
    'languages_view'      => 'DISPLAY_LIST',
);
foreach ($aPermissionToggles as $sPermission => $sPlaceholder) {
    if ($admin->get_permission($sPermission) != true) {
        $template->set_var($sPlaceholder, 'hide');
    }
}

// Section headings
$template->set_var(array(
    'HEADING_INSTALL_LANGUAGE'   => $HEADING['INSTALL_LANGUAGE'],
    'HEADING_UNINSTALL_LANGUAGE' => $HEADING['UNINSTALL_LANGUAGE'],
    'HEADING_LANGUAGE_DETAILS'   => $HEADING['LANGUAGE_DETAILS'],
));

// Base URLs and the form token (getFTAN() is called before the permission lookups below, as before)
$template->set_var(array(
    'ADMIN_URL' => ADMIN_URL,
    'WB_URL'    => WB_URL,
    'THEME_URL' => THEME_URL,
    'FTAN'      => $admin->getFTAN(),
));

// Navigation links to the sibling add-on pages, empty when the user lacks that permission
$sModulesLink = '';
if ($admin->get_permission('modules')) {
    $sModulesLink = '<a href="' . ADMIN_URL . '/modules/index.php">' . $MENU['MODULES'] . '</a>';
}
$sTemplatesLink = '';
if ($admin->get_permission('templates')) {
    $sTemplatesLink = '<a href="' . ADMIN_URL . '/templates/index.php">' . $MENU['TEMPLATES'] . '</a>';
}

// Language text and messages
$template->set_var(array(
    'URL_MODULES'        => $sModulesLink,
    'URL_ADVANCED'       => '          ',
    'URL_TEMPLATES'      => $sTemplatesLink,
    'TEXT_INSTALL'       => $TEXT['INSTALL'],
    'TEXT_UNINSTALL'     => $TEXT['UNINSTALL'],
    'TEXT_VIEW_DETAILS'  => $TEXT['VIEW_DETAILS'],
    'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
));
// Parse template object
if (!file_exists(WB_PATH . '/modules/foldergallery/languages/' . LANGUAGE . '.php')) { // no module language file exists for the language set by the user, include default module language file DE.php require_once WB_PATH . '/modules/foldergallery/languages/DE.php'; } else { // a module language file exists for the language defined by the user, load it require_once WB_PATH . '/modules/foldergallery/languages/' . LANGUAGE . '.php'; } // First we prevent direct access and check for variables if (!isset($_POST['action']) or !isset($_POST['recordsArray'])) { // now we redirect to index, if you are in subfolder use ../index.php header('Location: ../../index.php'); } else { // check if user has permissions to access the module require_once WB_PATH . '/framework/class.admin.php'; $admin = new admin('Modules', 'module_view', false, false); if (!($admin->is_authenticated() && $admin->get_permission('foldergallery', 'module'))) { die(header('Location: ../../index.php')); } // Sanitized variables $action = $admin->add_slashes($_POST['action']); $updateRecordsArray = isset($_POST['recordsArray']) ? $_POST['recordsArray'] : array(); // This line verifies that in &action is not other text than "updateRecordsListings", if something else is inputed (to try to HACK the DB), there will be no DB access.. if ($action == "updateRecordsListings") { $listingCounter = 1; $output = ""; foreach ($updateRecordsArray as $recordIDValue) { $database->query("UPDATE `" . TABLE_PREFIX . "mod_foldergallery_categories` SET position = " . $listingCounter . " WHERE `id` = " . $recordIDValue); $listingCounter++; } echo '<img src="' . WB_URL . '/modules/jsadmin/images/success.gif" style="vertical-align:middle;"/> <span style="font-size: 80%">' . $MOD_FOLDERGALLERY['REORDER_INFO_SUCESS'] . '</span>'; }
$template->set_var('NAME', basename($path)); $template->parse('upgrade_list', 'upgrade_list_block', true); } if (file_exists($path . '/uninstall.php')) { $show_block = true; $template->set_var('UNINSTALL_VISIBLE', ''); $template->set_var('VALUE', basename($path)); $template->set_var('NAME', basename($path)); $template->parse('uninstall_list', 'uninstall_list_block', true); } } else { unset($module_files[$index]); } } // Insert permissions values if ($admin->get_permission('modules_install') != true) { $template->set_var('DISPLAY_INSTALL', 'hide'); } if ($admin->get_permission('modules_uninstall') != true) { $template->set_var('DISPLAY_UNINSTALL', 'hide'); } if ($admin->get_permission('modules_view') != true) { $template->set_var('DISPLAY_LIST', 'hide'); } // only show block if there is something to show if (!$show_block || count($module_files) == 0 || !isset($_GET['advanced']) || $admin->get_permission('admintools') != true) { $template->set_var('DISPLAY_MANUAL_INSTALL', 'hide'); } // Insert language headings $template->set_var(array('HEADING_INSTALL_MODULE' => $HEADING['INSTALL_MODULE'], 'HEADING_UNINSTALL_MODULE' => $HEADING['UNINSTALL_MODULE'], 'OVERWRITE_NEWER_FILES' => $MESSAGE['ADDON_OVERWRITE_NEWER_FILES'], 'HEADING_MODULE_DETAILS' => $HEADING['MODULE_DETAILS'], 'HEADING_INVOKE_MODULE_FILES' => $HEADING['INVOKE_MODULE_FILES'])); // insert urls
} else { $title = htmlspecialchars($title, ENT_COMPAT, DEFAULT_CHARSET); } $module = $admin->get_post('type'); $parent = $admin->get_post('parent'); $visibility = $admin->get_post('visibility'); $admin_groups = $admin->get_post('admin_groups'); $viewing_groups = $admin->get_post('viewing_groups'); // add Admin and view groups $admin_groups[] = 1; $viewing_groups[] = 1; if ($parent != 0) { if (!$admin->get_page_permission($parent, 'admin')) { $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']); } } elseif (!$admin->get_permission('pages_add_l0', 'system')) { $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']); } // Validate data if ($title == '' || substr($title, 0, 1) == '.') { $admin->print_error($MESSAGE['PAGES_BLANK_PAGE_TITLE']); } // Check to see if page created has needed permissions if (!in_array(1, $admin->get_groups_id())) { $admin_perm_ok = false; foreach ($admin_groups as $adm_group) { if (in_array($adm_group, $admin->get_groups_id())) { $admin_perm_ok = true; } } if ($admin_perm_ok == false) {
// Base URLs every part of the page can reference
$tpl->set_var(array(
    'ADMIN_URL'  => ADMIN_URL,
    'THEME_URL'  => THEME_URL,
    'LEPTON_URL' => LEPTON_URL,
));

/**
 * Register the sub-blocks of main_block (block name => placeholder the parsed block lands in)
 */
$aMainBlocks = array(
    'modules_block'       => 'modules',
    'templates_block'     => 'templates',
    'languages_block'     => 'languages',
    'reload_block'        => 'reload',
    'show_advanced_block' => 'show_advanced',
);
foreach ($aMainBlocks as $sBlockName => $sParsedInto) {
    $tpl->set_block('main_block', $sBlockName, $sParsedInto);
}

/**
 * Legacy DISPLAY_* placeholders: an inline style that hides a section the user
 * may not use. Obsolete now that the blocks above exist (see "parsing the blocks"),
 * kept for templates that still reference them. DISPLAY_ADVANCED and DISPLAY_ALL
 * both depend on the 'admintools' permission.
 */
$display_none = "style=\"display: none;\"";
$aHiddenWhenDenied = array(
    array('modules',    'DISPLAY_MODULES'),
    array('templates',  'DISPLAY_TEMPLATES'),
    array('languages',  'DISPLAY_LANGUAGES'),
    array('admintools', 'DISPLAY_ADVANCED'),
    array('admintools', 'DISPLAY_ALL'),
);
foreach ($aHiddenWhenDenied as $aPair) {
    if ($admin->get_permission($aPair[0]) != true) {
        $tpl->set_var($aPair[1], $display_none);
    }
}

// The advanced block is rendered unconditionally here
$tpl->parse('show_advanced', 'show_advanced_block', true);
</tr> </table> </li> <?php // Get subs make_list($page['page_id'], $editable_pages); } } ?> </ul> <?php return $editable_pages; } // Generate pages list if ($admin->get_permission('pages_view') == true) { ?> <table cellpadding="0" cellspacing="0" width="100%" border="0"> <tr> <td> <h2><?php echo $HEADING['DELETED_PAGES']; ?> </h2> </td> <td align="right"> <a href="<?php echo ADMIN_URL; ?> /pages/empty_trash.php"> <img src="<?php
$template->set_var('FILE', $addon['directory']); $template->set_var('NAME', $addon['name']); $template->set_var('SELECTED', $addon['directory'] == $search_template ? ' selected="selected"' : ''); $template->parse('search_template_list', 'search_template_list_block', true); } } // Insert default error reporting values require ADMIN_PATH . '/interface/er_levels.php'; foreach ($ER_LEVELS as $value => $title) { $template->set_var('VALUE', $value); $template->set_var('NAME', $title); $template->set_var('SELECTED', ER_LEVEL == $value ? ' selected="selected"' : ''); $template->parse('error_reporting_list', 'error_reporting_list_block', true); } // Insert permissions values if ($admin->get_permission('settings_advanced') != true) { $template->set_var('DISPLAY_ADVANCED_BUTTON', 'hide'); } // Insert page level limits $template->set_var('PAGE_LEVEL_LIMIT', $settings['page_level_limit']); // if select list for ($i = 1; $i <= 10; $i++) { $template->set_var('NUMBER', $i); $template->set_var('SELECTED', PAGE_LEVEL_LIMIT == $i ? ' selected="selected"' : ''); $template->parse('page_level_limit_list', 'page_level_limit_list_block', true); } // Work-out if multiple menus feature is enabled if (defined('MULTIPLE_MENUS') && MULTIPLE_MENUS == true) { $template->set_var('MULTIPLE_MENUS_ENABLED', ' checked="checked"'); } else { $template->set_var('MULTIPLE_MENUS_DISABLED', ' checked="checked"');
// load outputfilter-functions require_once dirname(dirname(__FILE__)) . "/functions.php"; $aJsonRespond = array(); $aJsonRespond['success'] = false; $aJsonRespond['message'] = ''; $aJsonRespond['icon'] = ''; if (!isset($_POST['action']) || !isset($_POST['id'])) { $aJsonRespond['message'] = 'one of the parameters does not exist'; exit(json_encode($aJsonRespond)); } else { $aRows = $_POST['id']; require_once '../../../config.php'; // check if user has permissions to access the outputfilter_dashboard module require_once WB_PATH . '/framework/class.admin.php'; $admin = new admin('admintools', 'admintools', false, false); if (!($admin->is_authenticated() && $admin->get_permission('outputfilter_dashboard', 'module'))) { $aJsonRespond['message'] = 'insuficcient rights'; exit(json_encode($aJsonRespond)); } // Sanitize variables $action = $admin->add_slashes($_POST['action']); if ($action == "updatePosition") { $i = array(); $i_keys = array(); foreach (opf_get_types() as $type => $typename) { $i[$type] = 1; $i_keys[] = $type; } foreach ($aRows as $recID) { $id = $admin->checkIDKEY($recID, 0, 'key', true); $filter = opf_get_data($id);
* * @platform CMS WebsiteBaker 2.8.x * @package addonMonitor * @author Christian M. Stefan (Stefek) * @copyright Christian M. Stefan * @license http://www.gnu.org/licenses/gpl-2.0.html */ // Direct access prevention defined('WB_PATH') or die(header('Location: ../index.php')); if (!class_exists('admin', false)) { $admin_header = FALSE; include WB_PATH . '/framework/class.admin.php'; $admin = new admin('admintools', 'admintools'); } // check for permission if (!$admin->get_permission('admintools')) { die(header('Location: ../../index.php')); } require_once dirname(__FILE__) . '/info.php'; // get functions file for this AdminTool require_once dirname(__FILE__) . '/functions.php'; $sAddonDir = $module_directory; // register TWIG autoloader if not done already // this is of importance for WebsiteBaker Versions prior to 2.8.4. or derivate systems if (!class_exists('Twig_Autoloader')) { $sTwigAutoloader = dirname(__FILE__) . '/TwigTE/Twig/Autoloader.php'; if (file_exists($sTwigAutoloader)) { include $sTwigAutoloader; Twig_Autoloader::register(); } }
$template->set_var('SELECTED', ' disabled="disabled" class="disabled"'); $list_next_level = false; } elseif ($can_modify != true) { $template->set_var('SELECTED', ' disabled="disabled" class="disabled"'); } else { $template->set_var('SELECTED', ''); } $template->parse('page_list2', 'page_list_block2', true); } if ($list_next_level) { parent_list($page['page_id']); } } } $template->set_block('main_block', 'page_list_block2', 'page_list2'); if ($admin->get_permission('pages_add_l0') == true or $results_array['level'] == 0) { if ($results_array['parent'] == 0) { $selected = ' selected="selected"'; } else { $selected = ''; } $template->set_var(array('ID' => '0', 'TITLE' => $TEXT['NONE'], 'SELECTED' => $selected)); $template->parse('page_list2', 'page_list_block2', true); } parent_list(0); if ($modified_ts == 'Unknown') { $template->set_var('DISPLAY_MODIFIED', 'hide'); } else { $template->set_var('DISPLAY_MODIFIED', ''); } // Templates list
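// Create new template object for the modules page
$template = new Template(dirname($admin->correct_theme_source('modules.htt')));
$template->set_file('page', 'modules.htt');
$template->set_block('page', 'main_block', 'main');
$template->set_block('main_block', 'module_install_block', 'module_install');

// Select lists for "module details" and "uninstall module"
$template->set_block('main_block', 'module_detail_block', 'module_detail');
$template->set_block('module_detail_block', 'module_detail_select_block', 'module_detail_select');
$template->set_block('main_block', 'module_uninstall_block', 'module_uninstall');
$template->set_block('module_uninstall_block', 'module_uninstall_select_block', 'module_uninstall_select');

// Core modules that are never offered in the uninstall list (compared case-insensitively).
$aPreventFromUninstall = array('captcha_control', 'jsadmin', 'output_filter', 'wysiwyg', 'menu_link');

// Note the space after the literal: the previous concatenation produced "'module'ORDER BY".
$sql = 'SELECT * FROM `' . TABLE_PREFIX . 'addons` ' . 'WHERE `type` = \'module\' ' . 'ORDER BY `name`';
$oAddons = $database->query($sql);
if ($oAddons) {
    while ($aAddon = $oAddons->fetchRow(MYSQLI_ASSOC)) {
        // Only list modules the current user is allowed to work with.
        if (!$admin->get_permission($aAddon['directory'], 'module')) {
            continue;
        }
        $template->set_var('VALUE', $aAddon['directory']);
        $template->set_var('NAME', $aAddon['name']);
        $template->parse('module_detail_select', 'module_detail_select_block', true);

        // Exact (case-insensitive) membership test. The previous preg_match() built a regex
        // from the unquoted directory name and matched it as a substring of the joined list,
        // so a directory that is a substring of a protected name (e.g. "link" vs "menu_link")
        // was wrongly withheld, and a directory containing regex metacharacters broke the match.
        if (!in_array(strtolower($aAddon['directory']), $aPreventFromUninstall, true)) {
            $template->set_var('UNINSTALL_VALUE', $aAddon['directory']);
            $template->set_var('UNINSTALL_NAME', $aAddon['name']);
            $template->parse('module_uninstall_select', 'module_uninstall_select_block', true);
        }
    }
}

// Manual install section; $show_block is switched on later when there is something to list
$show_block = false;
$template->set_block('main_block', 'module_advanced_block', 'module_advanced');
$template->set_block('module_advanced_block', 'manuell_install_block', 'manuell_install');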
* ajax/save.php * This file gets $_POST Data sent by ajax and executes DB updates on fields * * * @platform CMS WebsiteBaker 2.8.x * @package wbSeoTool * @author Christian M. Stefan (Stefek) * @copyright Christian M. Stefan * @license http://www.gnu.org/licenses/gpl-2.0.html */ require '../../../config.php'; $bAdminHeader = FALSE; // suppress to print the header, so no new FTAN will be set $admin = new admin('Pages', 'pages_settings', $bAdminHeader); // check if user can change things to avoid any submission from a logged in not admin user if ($admin->get_permission('pages_modify') == false) { exit; } // Create the Fields from Submission $aFromString = explode("-", $_POST['id']); $sDbField = $aFromString[0]; $iPageId = intval($aFromString[1]); //sanitize new value to update $sNewValue = str_replace(array("[[", "]]", "\n", "\t"), '', htmlspecialchars($admin->add_slashes($admin->get_post('value')))); $aCheckPagesFields = array('page_title', 'description', 'keywords'); // GET TOOL SETTINGS FROM DB (Json Array) $jsonSettings = $database->get_one("SELECT `settings_json` FROM `" . TABLE_PREFIX . "mod_page_seo_tool`"); $aSettings = json_decode($jsonSettings, TRUE); if (!defined('REWRITE_URL') && $aSettings['rewriteUrl']['use'] == TRUE) { define('REWRITE_URL', $aSettings['rewriteUrl']['dbString']); array_push($aCheckPagesFields, REWRITE_URL);
<?php /* Drag'N'Drop Position */ if (!isset($_POST['action']) || !isset($_POST['row'])) { header('Location: ../../index.php'); } else { require '../../config.php'; // Check if user has permissions to access the Bakery module require_once '../../framework/class.admin.php'; $admin = new admin('Modules', 'module_view', false, false); if (!($admin->is_authenticated() && $admin->get_permission('bakery', 'module'))) { die(header('Location: ../../index.php')); } // Sanitize variable $action = $admin->add_slashes($_POST['action']); // We just get the array here, and few lines below we sanitize it $row = $_POST['row']; $sID = $database->get_one("SELECT section_id FROM " . TABLE_PREFIX . "mod_bakery_items WHERE item_id = " . intval($row[0])); /* Bakery isn't using ordering (ASC/DESC) so we comment this code $sorting = $database->get_one("SELECT ordering FROM ".TABLE_PREFIX."bakery_settings WHERE section_id = ".$sID." "); if($sorting == 1) // DESC == new first { $row = array_reverse($row); } */ // For security reasons (to prevent db hacks) this line verifies that // in the $action var there is no other text than "updatePosition"
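/**
 * Guard clauses for the add-on install / upgrade / uninstall handler.
 *
 * Nothing below does any work: the request must name a supported action and a
 * plausible add-on file, and the user must hold the 'admintools' permission.
 * Every failed check redirects and stops.
 */
$aAllowedActions = array('install', 'upgrade', 'uninstall');
if (!(isset($_POST['action']) && is_string($_POST['action']) && in_array($_POST['action'], $aAllowedActions, true))) {
    header('Location: index.php?advanced');
    exit;
}
// The file name must be a non-empty string that does not climb out of its directory.
// is_string() matters: an array value would make strpos() throw a TypeError on PHP 8.
// NOTE(review): this only rejects ".." — confirm the code that consumes $_POST['file']
// also restricts it to a plain file name (no directory separators, no absolute path).
if (!(isset($_POST['file']) && is_string($_POST['file']) && $_POST['file'] != '' && strpos($_POST['file'], '..') === false)) {
    header('Location: index.php?advanced');
    exit;
}

/**
 * check if user has permissions to access this file
 */
require_once '../../framework/class.admin.php';
// Permission check without the admin header, so a failed check can still redirect
$admin = new admin('Admintools', 'admintools', false, false);
if ($admin->get_permission('admintools') == false) {
    header('Location: ../../index.php');
    exit;
}

// Optional referer check: when the browser sent a Referer it must point at admin/modules/index.php.
// The Referer header is client-supplied and may be absent or altered, so this only catches
// accidental invocation; the get_permission() check above is the actual access control.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : (isset($HTTP_SERVER_VARS['HTTP_REFERER']) ? $HTTP_SERVER_VARS['HTTP_REFERER'] : '');
$required_url = ADMIN_URL . '/modules/index.php';
if ($referer != '' && strpos($referer, $required_url) === false) {
    header('Location: ../../index.php');
    exit;
}

// include WB functions file
require_once LEPTON_PATH . '/framework/summary.functions.php';
// load WB language file
require_once LEPTON_PATH . '/languages/' . LANGUAGE . '.php';
// create Admin object with admin header
$admin = new admin('Addons', '', true, false);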
$configFile = dirname(dirname(dirname(dirname(dirname(dirname(__DIR__)))))) . '/config.php'; if (is_readable($configFile)) { require $configFile; } else { die('tried to read a nonexisting configFile [' . basename($configFile) . ']!! '); } } //$oReg = WbAdaptor::getInstance(); if (!class_exists('admin', false)) { include WB_PATH . '/framework/class.admin.php'; } $wb_path = str_replace('\\', '/', WB_PATH); $wb_path = str_replace('//', '/', WB_PATH); // check if user is authenticated if WB and has permission to view MEDIA folder $admin = new admin('Media', 'media_view', false, false); if ($admin->get_permission('media_view') === true) { // user allowed to view MEDIA folder -> enable PHP connector $Config['Enabled'] = true; // allow actions to list folders and files $Config['ConfigAllowedCommands'] = array('GetFolders', 'GetFoldersAndFiles'); } // Path to user files relative to the document root. // $Config['UserFilesPath'] = '/userfiles/' ; $Config['UserFilesPath'] = WB_URL . MEDIA_DIRECTORY . '/'; // use home folder of current user as document root if available if (isset($_SESSION['HOME_FOLDER']) && file_exists($wb_path . MEDIA_DIRECTORY . $_SESSION['HOME_FOLDER'])) { $Config['UserFilesPath'] = $Config['UserFilesPath'] . $_SESSION['HOME_FOLDER']; } // Fill the following value it you prefer to specify the absolute path for the // user files directory. Useful if you are using a virtual directory, symbolic // link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
$template->set_var('VALUE', ''); $template->set_var('NAME', $TEXT['PLEASE_SELECT'] . '...'); $template->parse('list', 'list_block', true); // Loop through groups while ($group = $results->fetchRow(MYSQLI_ASSOC)) { $template->set_var('VALUE', $admin->getIDKEY($group['group_id'])); $template->set_var('NAME', $group['name']); $template->parse('list', 'list_block', true); } } else { // Insert single value to say no groups were found $template->set_var('NAME', $TEXT['NONE_FOUND']); $template->parse('list', 'list_block', true); } // Insert permissions values if ($admin->get_permission('groups_add') != true) { $template->set_var('DISPLAY_ADD', 'hide'); } if ($admin->get_permission('groups_modify') != true) { $template->set_var('DISPLAY_MODIFY', 'hide'); } if ($admin->get_permission('groups_delete') != true) { $template->set_var('DISPLAY_DELETE', 'hide'); } // Insert language headings $template->set_var(array('HEADING_MODIFY_DELETE_GROUP' => $HEADING['MODIFY_DELETE_GROUP'], 'HEADING_ADD_GROUP' => $HEADING['ADD_GROUP'])); // Insert language text and messages $template->set_var(array('TEXT_MODIFY' => $TEXT['MODIFY'], 'TEXT_DELETE' => $TEXT['DELETE'], 'TEXT_MANAGE_USERS' => $admin->get_permission('users') == true ? $TEXT['MANAGE_USERS'] : "", 'CONFIRM_DELETE' => $TEXT['GROUP'] . ' ' . $TEXT['DELETE'] . ', ' . $TEXT['ARE_YOU_SURE'])); if ($admin->get_permission('users') == true) { $template->parse("users", "manage_users_block", true); }
$template->set_var('VALUE', ''); $template->set_var('NAME', $TEXT['PLEASE_SELECT'] . '...'); $template->parse('list', 'list_block', true); // Loop through users while (false != ($user = $results->fetchRow(MYSQL_ASSOC))) { $template->set_var('VALUE', $user['user_id']); $template->set_var('NAME', $user['display_name'] . ' (' . $user['username'] . ')'); $template->parse('list', 'list_block', true); } } else { // Insert single value to say no users were found $template->set_var('NAME', $TEXT['NONE_FOUND']); $template->parse('list', 'list_block', true); } // Insert permissions values if ($admin->get_permission('users_add') != true) { $template->set_var('DISPLAY_ADD', 'hide'); } if ($admin->get_permission('users_modify') != true) { $template->set_var('DISPLAY_MODIFY', 'hide'); } if ($admin->get_permission('users_delete') != true) { $template->set_var('DISPLAY_DELETE', 'hide'); } // Insert language headings $template->set_var(array('HEADING_MODIFY_DELETE_USER' => $HEADING['MODIFY_DELETE_USER'], 'HEADING_ADD_USER' => $HEADING['ADD_USER'])); // insert urls $template->set_var(array('ADMIN_URL' => ADMIN_URL, 'LEPTON_URL' => LEPTON_URL, 'LEPTON_PATH' => LEPTON_PATH, 'THEME_URL' => THEME_URL)); // Insert language text and messages $template->set_var(array('TEXT_MODIFY' => $TEXT['MODIFY'], 'TEXT_DELETE' => $TEXT['DELETE'], 'TEXT_MANAGE_GROUPS' => $admin->get_permission('groups') == true ? $TEXT['MANAGE_GROUPS'] : "**", 'CONFIRM_DELETE' => $MESSAGE['USERS_CONFIRM_DELETE'])); if ($admin->get_permission('groups') == true) {
require WB_PATH . '/framework/class.admin.php'; } $admin = new admin('Addons', 'languages'); // Setup template object, parse vars to it, then parse it // Create new template object $template = new Template(dirname($admin->correct_theme_source('languages.htt'))); // $template->debug = true; $template->set_file('page', 'languages.htt'); $template->set_block('page', 'main_block', 'main'); // Insert values into language list $template->set_block('main_block', 'language_detail_block', 'language_detail'); $template->set_block('language_detail_block', 'language_detail_select_block', 'language_detail_select'); $sql = 'SELECT * FROM `' . TABLE_PREFIX . 'addons` ' . 'WHERE `type` =\'language\'' . 'ORDER BY `directory`'; if ($oAddons = $database->query($sql)) { while ($aAddon = $oAddons->fetchRow(MYSQLI_ASSOC)) { if (!$admin->get_permission($aAddon['directory'], 'language')) { continue; } $template->set_var('VALUE', $aAddon['directory']); $template->set_var('NAME', $aAddon['name'] . ' (' . $aAddon['directory'] . ')'); $template->parse('language_detail_select', 'language_detail_select_block', true); } } $template->set_block('main_block', 'language_uninstall_block', 'language_uninstall'); $template->set_block('language_uninstall_block', 'language_uninstall_select_block', 'language_uninstall_select'); $oAddons->rewind(); while ($aAddon = $oAddons->fetchRow(MYSQLI_ASSOC)) { if (!$admin->get_permission($aAddon['directory'], 'language')) { continue; } $template->set_var('VALUE', $aAddon['directory']);
$template->set_block('page', 'main_block', 'main');

// Base URLs every part of the page can reference
$template->set_var(array(
    'ADMIN_URL' => ADMIN_URL,
    'THEME_URL' => THEME_URL,
    'WB_URL'    => WB_URL,
));

/**
 * Register the sub-blocks of main_block (block name => placeholder the parsed block lands in)
 */
$aMainBlocks = array(
    'modules_block'   => 'modules',
    'templates_block' => 'templates',
    'languages_block' => 'languages',
    'reload_block'    => 'reload',
);
foreach ($aMainBlocks as $sBlockName => $sParsedInto) {
    $template->set_block('main_block', $sBlockName, $sParsedInto);
}

/**
 * Legacy DISPLAY_* placeholders: an inline style that hides a section the user
 * may not use. Obsolete now that the blocks above exist (see "parsing the blocks"),
 * kept for templates that still reference them.
 */
$display_none = "style=\"display: none;\"";
$aHiddenWhenDenied = array(
    'modules'    => 'DISPLAY_MODULES',
    'templates'  => 'DISPLAY_TEMPLATES',
    'languages'  => 'DISPLAY_LANGUAGES',
    'admintools' => 'DISPLAY_ADVANCED',
);
foreach ($aHiddenWhenDenied as $sPermission => $sPlaceholder) {
    if ($admin->get_permission($sPermission) != true) {
        $template->set_var($sPlaceholder, $display_none);
    }
}
// The reload section is shown only on the advanced view (?advanced) and only to admintools users
$bReloadVisible = isset($_GET['advanced']) && $admin->get_permission('admintools') == true;
if (!$bReloadVisible) {
    $template->set_var('DISPLAY_RELOAD', $display_none);
}
/**
<?php if ($page['parent'] == 0) { $page_tmp_id = $page['page_id']; } // Get subs $editable_pages = make_list($page['page_id'], $editable_pages); print '</li>' . "\n"; } } $output = $par['num_subs'] ? '</ul>' . "\n" : ''; $par['num_subs'] = empty($output) ? 1 : $par['num_subs']; print $output; return $editable_pages; } // Generate pages list if ($admin->get_permission('pages_view') == true) { ?> <div class="jsadmin hide"></div> <table summary="<?php echo $HEADING['MODIFY_DELETE_PAGE']; ?> " cellpadding="0" cellspacing="0" width="100%"> <thead> <tr> <td> <h2><?php echo $HEADING['MODIFY_DELETE_PAGE']; ?> </h2> </td> <td align="right"></td>
// fix secunia 2010-91-2 $admin_groups = $admin->get_post('admin_groups'); $viewing_groups = $admin->get_post('viewing_groups'); // Work-out if we should check for existing page_code $field_set = $database->field_exists(TABLE_PREFIX . 'pages', 'page_code'); // add Admin to admin and viewing-groups $admin_groups[] = 1; $viewing_groups[] = 1; // After check print the header $admin->print_header(); // check parent page permissions: if ($parent != 0) { if (!$admin->get_page_permission($parent, 'admin')) { $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']); } } elseif (!$admin->get_permission('pages_add_l0', 'system')) { $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']); } // check module permissions: if (!$admin->get_permission($module, 'module')) { $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']); } // Validate data if ($title == '' || substr($title, 0, 1) == '.') { $admin->print_error($MESSAGE['PAGES_BLANK_PAGE_TITLE']); } // Check to see if page created has needed permissions if (!in_array(1, $admin->get_groups_id())) { $admin_perm_ok = false; foreach ($admin_groups as $adm_group) { if (in_array($adm_group, $admin->get_groups_id())) {
if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } // end include class.secure.php require_once LEPTON_PATH . '/framework/summary.addon_precheck.php'; require_once LEPTON_PATH . '/framework/class.admin.php'; // create Admin object with admin header // check user permissions for admintools (redirect users with wrong permissions) $admin = new admin('Admintools', 'admintools', true); $msg = array(); $error_msg = array(); $backlink = 'index.php?advanced=yes'; if ($admin->get_permission('admintools') == true) { /*'reload_all', not yet*/ $post_check = array('reload_modules', 'reload_templates', 'reload_languages'); /** * check if there is anything to do */ foreach ($post_check as $index => $key) { if (!isset($_POST[$key]) && !isset($_POST['reload_all'])) { unset($post_check[$index]); } } if (count($post_check) == 0) { $error_msg[] = '<span class="normal bold red">' . $MESSAGE['GENERIC_PLEASE_CHECK_BACK_SOON'] . '</span>'; } else { /** * check if user has permissions to access this file
$page_id = (int) $_GET['page_id']; $section_id = (int) $_GET['section_id']; } else { $page_id = (int) $_POST['page_id']; $section_id = (int) $_POST['section_id']; } } else { if (!isset($admin)) { require_once WB_PATH . '/modules/admin.php'; } //if (!isset($admin)).. Darf man das? } if (!$admin->is_authenticated()) { die; } else { if (!$admin->get_permission($mod_dir, 'module')) { die; } } // Load Language file if (LANGUAGE_LOADED) { if (!file_exists(WB_PATH . '/modules/' . $mod_dir . '/languages/' . LANGUAGE . '.php')) { require_once WB_PATH . '/modules/' . $mod_dir . '/languages/EN.php'; } else { require_once WB_PATH . '/modules/' . $mod_dir . '/languages/' . LANGUAGE . '.php'; } } require_once WB_PATH . '/modules/' . $mod_dir . '/functions_small.php'; if (isset($section_id)) { $topic_id = 0; if (isset($_REQUEST['topic_id'])) {
// Render the "access" overview page: the users and groups sections are
// emitted only for admins holding the matching permission.
$template = new Template(dirname($admin->correct_theme_source('access.htt')));
// $template->debug = true; // uncomment to trace template parsing
$template->set_file('page', 'access.htt');

// Block hierarchy: page > main_block > (users_block | groups_block)
$template->set_block('page', 'main_block', 'main');
$template->set_block('main_block', 'users_block', 'user');
$template->set_block('main_block', 'groups_block', 'group');

// Base URLs referenced by the template
$template->set_var([
    'ADMIN_URL' => ADMIN_URL,
    'THEME_URL' => THEME_URL,
    'WB_URL'    => WB_URL,
]);

// One entry per permission-gated section: the legacy DISPLAY_* variable that
// hides it via inline CSS, and the block that is parsed when access is granted.
$accessSections = [
    'users'  => ['hide' => 'DISPLAY_USERS',  'block' => 'users_block'],
    'groups' => ['hide' => 'DISPLAY_GROUPS', 'block' => 'groups_block'],
];

// Legacy visibility flags: superseded by the block parsing further down, kept
// for templates that still reference DISPLAY_USERS / DISPLAY_GROUPS. Hiding a
// section with CSS is not an access control; the block gate below is.
$display_none = "style=\"display: none;\"";
foreach ($accessSections as $permKey => $section) {
    if (!$admin->get_permission($permKey)) {
        $template->set_var($section['hide'], $display_none);
    }
}

// Section names and descriptions
$template->set_var([
    'USERS'           => $MENU['USERS'],
    'GROUPS'          => $MENU['GROUPS'],
    'ACCESS'          => $MENU['ACCESS'],
    'USERS_OVERVIEW'  => $OVERVIEW['USERS'],
    'GROUPS_OVERVIEW' => $OVERVIEW['GROUPS'],
]);

// Server-side gate: a section's block is only parsed into main_block when the
// admin holds the permission, so an unauthorised section is not rendered at all.
foreach ($accessSections as $permKey => $section) {
    if ($admin->get_permission($permKey)) {
        $template->parse('main_block', $section['block'], true);
    }
}

// Parse template object
$template->parse('main', 'main_block', false);
* Try to get the "uninstall" information for this template. */ $temp_filename = LEPTON_PATH . "/templates/" . $addon['directory'] . "/info.php"; if (file_exists($temp_filename)) { $template_delete = true; require $temp_filename; if (true === $template_delete) { $template->set_var('VALUE', $addon['directory']); $template->set_var('NAME', $addon['name']); $template->parse('template_uninstall_list', 'template_uninstall_list_block', true); } } } } // Insert permissions values if ($admin->get_permission('templates_install') != true) { $template->set_var('DISPLAY_INSTALL', 'hide'); } if ($admin->get_permission('templates_uninstall') != true) { $template->set_var('DISPLAY_UNINSTALL', 'hide'); } if ($admin->get_permission('templates_view') != true) { $template->set_var('DISPLAY_LIST', 'hide'); } // Insert language headings $template->set_var(array('HEADING_INSTALL_TEMPLATE' => $HEADING['INSTALL_TEMPLATE'], 'HEADING_UNINSTALL_TEMPLATE' => $HEADING['UNINSTALL_TEMPLATE'], 'HEADING_TEMPLATE_DETAILS' => $HEADING['TEMPLATE_DETAILS'])); // Insert language text and messages $template->set_var(array('URL_MODULES' => $admin->get_permission('modules') ? '<a class="button" href="' . ADMIN_URL . '/modules/index.php">' . $MENU['MODULES'] . '</a>' : '', 'URL_LANGUAGES' => $admin->get_permission('languages') ? '<a class="button" href="' . ADMIN_URL . '/languages/index.php">' . $MENU['LANGUAGES'] . '</a>' : '', 'URL_ADVANCED' => $admin->get_permission('admintools') ? '<a class="button" href="' . ADMIN_URL . '/modules/index.php?advanced">' . $TEXT['ADVANCED'] . '</a>' : '', 'TEXT_INSTALL' => $TEXT['INSTALL'], 'TEXT_UNINSTALL' => $TEXT['UNINSTALL'], 'TEXT_VIEW_DETAILS' => $TEXT['VIEW_DETAILS'], 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], 'CHANGE_TEMPLATE_NOTICE' => $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'])); // Parse template object $template->parse('main', 'main_block', false); $template->pparse('output', 'page');