* @license http://www.gnu.org/licenses/gpl-2.0.html
*/
require '../../../config.php';
$bAdminHeader = FALSE;
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Pages', 'pages_settings', $bAdminHeader);
// check if user can change things to avoid any submission from a logged in not admin user
if ($admin->get_permission('pages_modify') == false) {
exit;
}
// Create the Fields from Submission
$aFromString = explode("-", $_POST['id']);
$sDbField = $aFromString[0];
$iPageId = intval($aFromString[1]);
//sanitize new value to update
$sNewValue = str_replace(array("[[", "]]", "\n", "\t"), '', htmlspecialchars($admin->add_slashes($admin->get_post('value'))));
$aCheckPagesFields = array('page_title', 'description', 'keywords');
// GET TOOL SETTINGS FROM DB (Json Array)
$jsonSettings = $database->get_one("SELECT `settings_json` FROM `" . TABLE_PREFIX . "mod_page_seo_tool`");
$aSettings = json_decode($jsonSettings, TRUE);
if (!defined('REWRITE_URL') && $aSettings['rewriteUrl']['use'] == TRUE) {
define('REWRITE_URL', $aSettings['rewriteUrl']['dbString']);
array_push($aCheckPagesFields, REWRITE_URL);
}
// UPDATE the DB Field
if (isset($_POST['value']) && in_array($sDbField, $aCheckPagesFields)) {
// Update page settings in the pages table
$sUpdateQuery = 'UPDATE `' . TABLE_PREFIX . 'pages` SET `' . $sDbField . '` = "' . $sNewValue . '" WHERE `page_id` = ' . $iPageId;
$database->query($sUpdateQuery);
}
if ($database->is_error() == FALSE) {
}
}
// end include class.secure.php
require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Access', 'users_modify');
// Check if user id is a valid number and doesnt equal 1
if (!isset($_POST['user_id']) or !is_numeric($_POST['user_id']) or $_POST['user_id'] == 1) {
header("Location: index.php");
exit(0);
} else {
$user_id = $_POST['user_id'];
}
// Gather details entered
$groups_id = isset($_POST['groups']) ? implode(",", $_POST['groups']) : '';
$active = addslashes($_POST['active'][0]);
$username_fieldname = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post('username_fieldname'), ENT_QUOTES));
$username = $admin->get_post_escaped($username_fieldname);
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post('display_name'), ENT_QUOTES));
$email = $admin->get_post_escaped('email');
$home_folder = $admin->get_post_escaped('home_folder');
// Check values
if ($groups_id == "") {
$admin->print_error($MESSAGE['USERS_NO_GROUP'], 'index.php');
}
if (strlen($username) < 3) {
$admin->print_error($MESSAGE['USERS_USERNAME_TOO_SHORT'], 'index.php');
}
if (!preg_match('/^[a-z]{1}[a-z0-9@\\._-]{2,}$/i', $username)) {
$admin->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'], 'index.php');
if (!defined('WB_PATH')) {
require dirname(dirname(__DIR__)) . '/config.php';
}
if (!class_exists('admin', false)) {
require WB_PATH . '/framework/class.admin.php';
}
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Pages', 'pages_add', false);
if (!$admin->checkFTAN()) {
$admin->print_header();
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
}
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Get values
$title = $admin->get_post('title');
$title = htmlspecialchars($title);
$module = preg_replace('/[^a-z0-9_-]/i', "", $admin->get_post('type'));
// fix secunia 2010-93-4
$parent = intval($admin->get_post('parent'));
// fix secunia 2010-91-2
$visibility = $admin->get_post('visibility');
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {
$visibility = 'public';
}
// fix secunia 2010-91-2
$admin_groups = $admin->get_post('admin_groups');
$viewing_groups = $admin->get_post('viewing_groups');
// Work-out if we should check for existing page_code
$field_set = $database->field_exists(TABLE_PREFIX . 'pages', 'page_code');
// add Admin to admin and viewing-groups
}
// After check print the header
$admin->print_header();
// Check if user id is a valid number and doesnt equal 1
if (!isset($_POST['user_id']) or !is_numeric($_POST['user_id']) or $_POST['user_id'] == 1) {
header("Location: index.php");
exit(0);
} else {
$user_id = $_POST['user_id'];
}
// Gather details entered
$groups_id = isset($_POST['groups']) ? implode(",", $admin->add_slashes($_POST['groups'])) : '';
$active = $admin->add_slashes($_POST['active'][0]);
$username_fieldname = $admin->get_post_escaped('username_fieldname');
$username = strtolower($admin->get_post_escaped($username_fieldname));
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = $admin->get_post_escaped('display_name');
$email = $admin->get_post_escaped('email');
$home_folder = $admin->get_post_escaped('home_folder');
// Check values
if ($groups_id == "") {
$admin->print_error($MESSAGE['USERS_NO_GROUP'], $js_back);
}
if (!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
$admin->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'] . ' / ' . $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
}
if ($password != "") {
if (strlen($password) < 2) {
$admin->print_error($MESSAGE['USERS_PASSWORD_TOO_SHORT'], $js_back);
}
}
}
// end include class.secure.php
// Get page id
if (!isset($_POST['page_id']) or !is_numeric($_POST['page_id'])) {
header("Location: index.php");
exit(0);
} else {
$page_id = $_POST['page_id'];
}
require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_settings');
// Include the functions file
require_once LEPTON_PATH . '/framework/summary.functions.php';
// Get values
$page_link = htmlspecialchars(addslashes($admin->get_post('link')));
if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
$page_title = htmlspecialchars($admin->get_post_escaped('page_title'), ENT_COMPAT | ENT_HTML401, DEFAULT_CHARSET);
$menu_title = htmlspecialchars($admin->get_post_escaped('menu_title'), ENT_COMPAT | ENT_HTML401, DEFAULT_CHARSET);
} else {
$page_title = htmlspecialchars($admin->get_post_escaped('page_title'), ENT_COMPAT, DEFAULT_CHARSET);
$menu_title = htmlspecialchars($admin->get_post_escaped('menu_title'), ENT_COMPAT, DEFAULT_CHARSET);
}
$description = htmlspecialchars(addslashes($admin->get_post('description')));
$keywords = htmlspecialchars(addslashes($admin->get_post('keywords')));
$page_code = htmlspecialchars(addslashes($admin->get_post('page_code')));
$parent = $admin->get_post_escaped('parent');
$visibility = $admin->get_post_escaped('visibility');
$template = $admin->get_post_escaped('template');
$target = $admin->get_post_escaped('target');
$admin_groups = $admin->get_post_escaped('admin_groups');
}
// Load Language file
if (!file_exists(WB_PATH . '/modules/capslider/languages/' . LANGUAGE . '.php')) {
require_once WB_PATH . '/modules/capslider/languages/EN.php';
} else {
require_once WB_PATH . '/modules/capslider/languages/' . LANGUAGE . '.php';
}
// Include WB admin wrapper script
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
// check website baker platform (with WB 2.7, Admin-Tools were moved out of settings dialogue)
$admintool_link = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=capslider';
$admin = new admin('admintools', 'admintools');
// Validate all fields
if ($admin->get_post('title') == '') {
$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL . '/modules/capslider/modify_group.php?group_id=' . $group_id);
} else {
$title = $admin->add_slashes($admin->get_post('title'));
$height = $admin->add_slashes($admin->get_post('height'));
$width = $admin->add_slashes($admin->get_post('width'));
$speed = $admin->add_slashes($admin->get_post('speed'));
$delay = $admin->add_slashes($admin->get_post('delay'));
$panel = $admin->add_slashes($admin->get_post('panel'));
}
$gtable = TABLE_PREFIX . 'mod_capslider_groups';
// Update row
$database->query("UPDATE " . $gtable . " SET `group_name` = '{$title}',`height` = '{$height}' ,`width` = '{$width}',`speed` = '{$speed}',`delay` = '{$delay}',`panel` = '{$panel}' WHERE group_id = '{$group_id}'");
// Check if there is a db error, otherwise say successful
if ($database->is_error()) {
$admin->print_error($database->get_error(), WB_URL . '/modules/capslider/modify_group.php?group_id=' . $group_id);
} else {
require_once WB_PATH . '/modules/capslider/languages/' . LANGUAGE . '.php';
}
// Include WB admin wrapper script
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
include_once 'resize_img.php';
// Create Imagedir (/slide is rejected by some add_blockers, use slide inverted
$slide_dir = WB_PATH . MEDIA_DIRECTORY . '/slider/';
make_dir($slide_dir);
// check website baker platform (with WB 2.7, Admin-Tools were moved out of settings dialogue)
$admintool_link = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=capslider';
$admin = new admin('admintools', 'admintools');
// Validate all fields
if ($admin->get_post('comments') == '') {
$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL . '/modules/capslider/modify_slide.php?slide_id=' . $slide_id);
} else {
$active = $admin->get_post('active');
$group = $admin->add_slashes($admin->get_post('group'));
$alt = $admin->add_slashes($admin->get_post('alt'));
$height = $admin->add_slashes($admin->get_post('height'));
$width = $admin->add_slashes($admin->get_post('width'));
$image = $admin->add_slashes($admin->get_post('image'));
$comments = $admin->add_slashes($admin->get_post('comments'));
$modified_when = time();
$modified_by = $admin->get_user_id();
// Check if the user uploaded an image or wants to delete one
if (isset($_FILES['newimage']['tmp_name']) && $_FILES['newimage']['tmp_name'] != '') {
// Get real filename and set new filename
$filename = $_FILES['newimage']['name'];
$allow_empty_values = array('website_header', 'website_footer', 'sec_anchor', 'pages_directory', 'page_spacer', 'wbmailer_smtp_secure');
$disallow_in_fields = array('pages_directory', 'media_directory', 'wb_version');
// Query current settings in the db, then loop through them and update the db with the new value
$settings = array();
$old_settings = array();
// Query current settings in the db, then loop through them to get old values
$sql = 'SELECT `name`, `value` FROM `' . TABLE_PREFIX . 'settings` ' . 'ORDER BY `name`';
if ($res_settings = $database->query($sql)) {
$passed = false;
while ($setting = $res_settings->fetchRow(MYSQLI_ASSOC)) {
$old_settings[$setting['name']] = $setting['value'];
$setting_name = $setting['name'];
if ($setting_name == 'wb_version') {
continue;
}
$value = $admin->get_post($setting_name);
$value = is_null($value) ? '' : $value;
$value = isset($_POST[$setting_name]) ? $value : $old_settings[$setting_name];
switch ($setting_name) {
case 'default_timezone':
$value = $value * 60 * 60;
$passed = true;
break;
case 'string_dir_mode':
$value = $dir_mode;
$passed = true;
break;
case 'string_file_mode':
$value = $file_mode;
$passed = true;
break;
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Access', 'users_add', false);
// Create a javascript back link
$js_back = ADMIN_URL . '/users/index.php';
if (!$admin->checkFTAN()) {
$admin->print_header();
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// After check print the header
$admin->print_header();
$aInputs = array();
$aInputs = array_merge($_POST);
// Get details entered
$groups_id = isset($aInputs['groups']) ? implode(",", $aInputs['groups']) : '';
$active = intval(is_array($aInputs['active']) ? $aInputs['active'][0] : $aInputs['active']);
$username_fieldname = $admin->get_post('username_fieldname');
$username = strtolower($admin->get_post($username_fieldname));
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = $admin->get_post('display_name');
$email = $admin->get_post('email');
$home_folder = $admin->get_post('home_folder');
$default_language = DEFAULT_LANGUAGE;
$default_timezone = DEFAULT_TIMEZONE;
// Check values
if ($groups_id == '') {
$admin->print_error($MESSAGE['USERS_NO_GROUP'], $js_back);
}
if (!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
$admin->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'] . ' / ' . $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
}
{
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
*/
if (!$admin->checkFTAN()) {
$admin->print_header();
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $target_url);
}
// After check print the header
$admin->print_header();
// Include the WB functions file
if (!function_exists('create_access_file')) {
require WB_PATH . '/framework/functions.php';
}
// Get values
$page_title = $admin->StripCodeFromText($admin->get_post('page_title'));
$menu_title = $admin->StripCodeFromText($admin->get_post('menu_title'));
$page_code = intval($admin->get_post('page_code'));
$description = $admin->StripCodeFromText($admin->get_post('description'));
$keywords = $admin->StripCodeFromText($admin->get_post('keywords'));
$parent = intval($admin->get_post('parent'));
// fix secunia 2010-91-3
$visibility = $admin->StripCodeFromText($admin->get_post('visibility'));
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {
$visibility = 'public';
}
// fix secunia 2010-93-3
$template = preg_replace('/[^a-z0-9_-]/i', "", $admin->get_post('template'));
// fix secunia 2010-93-3
$template = $template == DEFAULT_TEMPLATE ? '' : $template;
$target = preg_replace("/\\W/", "", $admin->get_post('target'));
*/
$pagetree_url = ADMIN_URL . '/pages/index.php';
$target_url = ADMIN_URL . '/pages/settings.php?page_id=' . $page_id;
if (!$admin->checkFTAN()) {
$admin->print_header();
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $target_url);
}
// After check print the header
$admin->print_header();
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Get values
$page_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('page_title')));
$menu_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('menu_title')));
$the_link = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('link')));
$page_code = intval($admin->get_post('page_code'));
$description = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('description'))));
$keywords = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('keywords'))));
$parent = intval($admin->get_post('parent'));
// fix secunia 2010-91-3
$visibility = $admin->get_post_escaped('visibility');
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {
$visibility = 'public';
}
// fix secunia 2010-93-3
$template = preg_replace('/[^a-z0-9_-]/i', "", $admin->get_post('template'));
// fix secunia 2010-93-3
//$template = (($template == DEFAULT_TEMPLATE ) ? '' : $template);
$target = preg_replace("/\\W/", "", $admin->get_post('target'));
$admin_groups = $admin->get_post_escaped('admin_groups');
$viewing_groups = $admin->get_post_escaped('viewing_groups');
}
// end include class.secure.php
require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_add');
// Include the functions file
require_once LEPTON_PATH . '/framework/summary.functions.php';
global $MESSAGE;
global $database;
// Get values
$title = $admin->get_post_escaped('title');
if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
$title = htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, DEFAULT_CHARSET);
} else {
$title = htmlspecialchars($title, ENT_COMPAT, DEFAULT_CHARSET);
}
$module = $admin->get_post('type');
$parent = $admin->get_post('parent');
$visibility = $admin->get_post('visibility');
$admin_groups = $admin->get_post('admin_groups');
$viewing_groups = $admin->get_post('viewing_groups');
// add Admin and view groups
$admin_groups[] = 1;
$viewing_groups[] = 1;
if ($parent != 0) {
if (!$admin->get_page_permission($parent, 'admin')) {
$admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
} elseif (!$admin->get_permission('pages_add_l0', 'system')) {
$admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Validate data
sort($FILE);
foreach ($FILE as $name) {
$temp_id++;
if ($file_id == $temp_id) {
$rename_file = $name;
$type = 'file';
}
}
}
}
$file_id = $admin->getIDKEY($file_id);
if (!isset($rename_file)) {
$admin->print_error($MESSAGE['MEDIA_FILE_NOT_FOUND'], $dirlink, false);
}
// Check if they entered a new name
if (media_filename($admin->get_post('name')) == "") {
$admin->print_error($MESSAGE['MEDIA_BLANK_NAME'], "rename.php?dir={$directory}&id={$file_id}", false);
} else {
$old_name = $admin->get_post('old_name');
$new_name = media_filename($admin->get_post('name'));
}
// Check if they entered an extension
if ($type == 'file') {
if (media_filename($admin->get_post('extension')) == "") {
$admin->print_error($MESSAGE['MEDIA_BLANK_EXTENSION'], "rename.php?dir={$directory}&id={$file_id}", false);
} else {
$extension = media_filename($admin->get_post('extension'));
}
} else {
$extension = '';
}
require dirname(dirname(dirname(__DIR__))) . '/config.php';
if (!class_exists('admin', false)) {
require WB_PATH . '/framework/class.admin.php';
}
// Include WB admin wrapper script
$admintool_link = ADMIN_URL . '/admintools/index.php';
$ToolUrl = ADMIN_URL . '/admintools/tool.php?tool=droplets';
$admin = new admin('admintools', 'admintools', false);
$droplet_id = intval($admin->checkIDKEY('droplet_id', false, 'post'));
if (!$admin->checkFTAN() || !$droplet_id) {
$admin->print_header();
$admin->print_error($droplet_id . ' ) ' . $MESSAGE['GENERIC_SECURITY_ACCESS'], $ToolUrl);
}
$admin->print_header();
// Validate all fields
if ($admin->get_post('title') == '') {
$admin->print_error($MESSAGE['GENERIC_FILL_IN_ALL'] . ' ( Droplet Name )', $ToolUrl);
} else {
$title = $admin->add_slashes($admin->get_post('title'));
$active = (int) $admin->get_post('active');
$admin_view = (int) $admin->get_post('admin_view');
$admin_edit = (int) $admin->get_post('admin_edit');
$show_wysiwyg = (int) $admin->get_post('show_wysiwyg');
$description = $admin->add_slashes($admin->get_post('description'));
$tags = array('<?php', '?>', '<?');
$content = $admin->add_slashes(str_replace($tags, '', $_POST['savecontent']));
$comments = trim($admin->add_slashes($admin->get_post('comments')));
$modified_when = time();
$modified_by = (int) $admin->get_user_id();
}
// Update row
*/
// Print admin header
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Access', 'groups_add', false);
// Create a javascript back link
$js_back = ADMIN_URL . '/groups/index.php';
if (!$admin->checkFTAN()) {
$admin->print_header();
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// After check print the header
$admin->print_header();
// Gather details entered
$group_name = $database->escapeString(trim(strip_tags($admin->get_post('group_name'))));
// Check values
if ($group_name == "") {
$admin->print_error($MESSAGE['GROUPS_GROUP_NAME_BLANK'], $js_back);
}
$sql = 'SELECT COUNT(*) FROM `' . TABLE_PREFIX . 'groups` ' . 'WHERE `name`=\'' . $group_name . '\'';
if ($database->get_one($sql)) {
$admin->print_error($MESSAGE['GROUPS_GROUP_NAME_EXISTS'], $js_back);
}
// Get system and module permissions
require ADMIN_PATH . '/groups/get_permissions.php';
// Update the database
$sql = 'INSERT INTO `' . TABLE_PREFIX . 'groups` ' . 'SET `name`=\'' . $group_name . '\', ' . '`system_permissions`=\'' . $system_permissions . '\', ' . '`module_permissions`=\'' . $module_permissions . '\', ' . '`template_permissions`=\'' . $template_permissions . '\'';
if ($database->query($sql)) {
$admin->print_success($MESSAGE['GROUPS_ADDED'], ADMIN_URL . '/groups/index.php');
} else {
// Target location
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$target = isset(${$requestMethod}['target']) ? ${$requestMethod}['target'] : '';
// Include the WB functions file
$directory = $target == '/' ? '' : $target;
$dirlink = 'index.php?dir=' . $directory;
$rootlink = 'index.php?dir=';
// Check to see if target contains ../
if (!check_media_path($target, false)) {
$admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH']);
}
// Create relative path of the target location for the file
$relative = WB_PATH . $target . '/';
$resizepath = str_replace(array('/', ' '), '_', $target);
// Find out whether we should replace files or give an error
$overwrite = $admin->get_post('overwrite') != '' ? true : false;
// Get list of file types to which we're supposed to append 'txt'
$get_result = $database->query("SELECT value FROM " . TABLE_PREFIX . "settings WHERE name='rename_files_on_upload' LIMIT 1");
$file_extension_string = '';
if ($get_result->numRows() > 0) {
$fetch_result = $get_result->fetchRow();
$file_extension_string = $fetch_result['value'];
}
$file_extensions = explode(",", $file_extension_string);
// get from settings and add to forbidden list
$forbidden_file_types = preg_replace('/\\s*[,;\\|#]\\s*/', '|', RENAME_FILES_ON_UPLOAD);
// Loop through the files
$good_uploads = 0;
$sum_dirs = 0;
$sum_files = 0;
for ($count = 1; $count <= 10; $count++) {
$admin = new admin('Access', 'groups_modify', false);
// Create a javascript back link
$js_back = ADMIN_URL . '/groups/index.php';
if (!$admin->checkFTAN()) {
$admin->print_header();
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// Check if group group_id is a valid number and doesnt equal 1
$group_id = intval($admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD']));
if ($group_id < 2) {
// if($admin_header) { $admin->print_header(); }
$admin->print_header();
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// Gather details entered
$group_name = $admin->get_post('group_name');
// Check values
if ($group_name == "") {
$admin->print_error($MESSAGE['GROUPS_GROUP_NAME_BLANK'], $js_back);
}
// After check print the header
$admin->print_header();
$system_permissions = array();
$query = 'SELECT * FROM `' . TABLE_PREFIX . 'groups` WHERE `group_id` = ' . $group_id;
if ($oRes = $database->query($query)) {
$aRes = $oRes->fetchRow(MYSQLI_ASSOC);
$system_permissions = explode(',', $aRes['system_permissions']);
}
// Get system permissions
require ADMIN_PATH . '/groups/get_permissions.php';
// Update the database
require dirname(dirname(__DIR__)) . '/config.php';
}
if (!class_exists('admin', false)) {
require WB_PATH . '/framework/class.admin.php';
}
$admin = new admin('Media', 'media', false);
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// check if theme language file exists for the language set by the user (e.g. DE, EN)
$sAddonName = basename(__DIR__);
require WB_PATH . '/modules/' . $sAddonName . '/languages/EN.php';
if (file_exists(WB_PATH . '/modules/' . $sAddonName . '/languages/' . LANGUAGE . '.php')) {
require WB_PATH . '/modules/' . $sAddonName . '/languages/' . LANGUAGE . '.php';
}
//Save post vars to the parameters file
if (!is_null($admin->get_post("save"))) {
/*
if (!$admin->checkFTAN())
{
$admin->print_error('::'.$MESSAGE['GENERIC_SECURITY_ACCESS'],'browse.php',false);
}
*/
if (DEFAULT_THEME != ' wb_theme') {
//Check for existing settings entry, if not existing, create a record first!
if (!$database->query("SELECT * FROM " . TABLE_PREFIX . "settings where `name`='mediasettings'")) {
$database->query("INSERT INTO " . TABLE_PREFIX . "settings (`name`,`value`) VALUES ('mediasettings','')");
}
} else {
$pathsettings = array();
}
$dirs = directory_list(WB_PATH . MEDIA_DIRECTORY);
}
// After check print the header
$admin->print_header();
$aInputs = array();
$aInputs = array_merge($_POST);
// Check if user id is a valid number and doesnt equal 1
if (!isset($aInputs['user_id']) or !is_numeric($aInputs['user_id']) or $aInputs['user_id'] == 1) {
header("Location: index.php");
exit(0);
} else {
$user_id = intval($aInputs['user_id']);
}
// Gather details entered
$groups_id = isset($aInputs['groups']) ? implode(",", $aInputs['groups']) : '';
$active = intval(is_array($aInputs['active']) ? $aInputs['active'][0] : $aInputs['active']);
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = $admin->StripCodeFromText($admin->get_post('display_name'));
$email = $admin->get_post('email');
$home_folder = $admin->get_post('home_folder');
// Check values
if ($groups_id == "") {
$admin->print_error($MESSAGE['USERS_NO_GROUP'], $js_back);
}
if ($password != "") {
if (strlen($password) < 2) {
$admin->print_error($MESSAGE['USERS_PASSWORD_TOO_SHORT'], $js_back);
}
if ($password != $password2) {
$admin->print_error($MESSAGE['USERS_PASSWORD_MISMATCH'], $js_back);
}