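// Admin context for the groups module. The third argument suppresses printing the
// header here so the FTAN carried by the form is the one being checked below.
$admin = new admin('Access', 'groups_modify', false);
// Create a javascript back link
$js_back = ADMIN_URL . '/groups/index.php';
// CSRF check: the form must carry a valid FTAN. print_error() is expected to end the
// request; if it ever returned, the UPDATE below would still run -- confirm in class.admin.php.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// Check that group_id is a valid number and does not equal 1 (ids below 2 are
// rejected, which protects the built-in group). checkIDKEY() resolves the form's
// opaque key to the real id; intval() guarantees an integer from here on.
$group_id = intval($admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD']));
if ($group_id < 2) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// Gather details entered
$group_name = $admin->get_post_escaped('group_name');
// Check values: reject a missing, empty or whitespace-only name. The (string) cast
// keeps trim() well-defined when get_post_escaped() returns null.
if (trim((string) $group_name) === '') {
    $admin->print_error($MESSAGE['GROUPS_GROUP_NAME_BLANK'], $js_back);
}
// After check print the header
$admin->print_header();
// Get system permissions. The included script shares this scope and presumably
// provides $system_permissions, $module_permissions and $template_permissions.
require_once ADMIN_PATH . '/groups/get_permissions.php';
// Update the database. The statement is built by interpolation: $group_id is an int
// and $group_name came from get_post_escaped(); the three *_permissions values are
// trusted to arrive already escaped from get_permissions.php -- confirm there.
$query = "UPDATE `" . TABLE_PREFIX . "groups` SET `name` = '{$group_name}', `system_permissions` = '{$system_permissions}', `module_permissions` = '{$module_permissions}', `template_permissions` = '{$template_permissions}' WHERE `group_id` = '{$group_id}'";
$database->query($query);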
if ($database->is_error()) {
    $admin->print_error($database->get_error());
} else {
    $admin->print_success($MESSAGE['GROUPS_SAVED'], ADMIN_URL . '/groups/index.php');
 * @lastmodified    $Date: 2015-04-27 10:02:19 +0200 (Mo, 27. Apr 2015) $
 *
 */
require '../../config.php';
// Admin context for the media module. The third argument suppresses printing the
// header here; it is printed later in the script (not in this excerpt).
$admin = new admin('Media', 'media', false);
// Include the WB functions file
// NOTE(review): no require for functions.php follows in this excerpt -- it may be pulled in elsewhere.
// check if theme language file exists for the language set by the user (e.g. DE, EN)
// THEME_PATH and LANGUAGE are constants defined before this point (presumably by
// config.php / the framework), so the include path is not built from raw request input.
if (!file_exists(THEME_PATH . '/languages/' . LANGUAGE . '.php')) {
    // no theme language file exists for the language set by the user, include default theme language file EN.php
    require_once THEME_PATH . '/languages/EN.php';
} else {
    // a theme language file exists for the language defined by the user, load it
    require_once THEME_PATH . '/languages/' . LANGUAGE . '.php';
}
//Save post vars to the parameters file
if (!is_null($admin->get_post_escaped("save"))) {
    /*
    	if (!$admin->checkFTAN())
    	{
    		$admin->print_error('::'.$MESSAGE['GENERIC_SECURITY_ACCESS'],'browse.php',false);
    	}
    */
    if (DEFAULT_THEME != ' wb_theme') {
        //Check for existing settings entry, if not existing, create a record first!
        if (!$database->query("SELECT * FROM " . TABLE_PREFIX . "settings where `name`='mediasettings'")) {
            $database->query("INSERT INTO " . TABLE_PREFIX . "settings (`name`,`value`) VALUES ('mediasettings','')");
        }
    } else {
        $pathsettings = array();
    }
    $dirs = directory_list(WB_PATH . MEDIA_DIRECTORY);
}
// end include class.secure.php
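require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Access', 'users_modify');
// Check that user_id is a whole number and does not equal 1 (the built-in
// administrator). FILTER_VALIDATE_INT rejects what is_numeric() lets through
// (floats, exponents, surrounding whitespace) and yields an int, so $user_id is
// never a raw request string from here on.
$user_id = filter_var($_POST['user_id'] ?? null, FILTER_VALIDATE_INT);
if ($user_id === false || $user_id === 1) {
    header("Location: index.php");
    exit(0);
}
// Gather details entered. Group membership arrives as a list of group ids; a
// missing or non-array value becomes '' and is rejected below (implode() on a
// non-array would otherwise throw on PHP 8).
$groups_id = (isset($_POST['groups']) && is_array($_POST['groups'])) ? implode(",", $_POST['groups']) : '';
// Only the first posted 'active' value is used; default to '' when it is absent
// instead of tripping an undefined-index notice.
$active = addslashes($_POST['active'][0] ?? '');
// The username field's name is itself posted (presumably randomised by the form) and
// sanitised before being used as a key; "[[" / "]]" are stripped so the value cannot
// carry droplet-style markers.
$username_fieldname = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post('username_fieldname'), ENT_QUOTES));
$username = $admin->get_post_escaped($username_fieldname);
// Passwords are taken unescaped; they are presumably hashed further down the script
// (outside this excerpt), so the hash input must be the literal text.
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post('display_name'), ENT_QUOTES));
$email = $admin->get_post_escaped('email');
// home_folder is only DB-escaped here; any restriction of it to a valid media path
// would have to happen outside this excerpt.
$home_folder = $admin->get_post_escaped('home_folder');
// Check values. print_error() is expected to terminate the request; if it ever
// returned, a failed check would not stop the save -- confirm in class.admin.php.
if ($groups_id === '') {
    $admin->print_error($MESSAGE['USERS_NO_GROUP'], 'index.php');
}
if (strlen($username) < 3) {
    $admin->print_error($MESSAGE['USERS_USERNAME_TOO_SHORT'], 'index.php');
}
// Username: a letter followed by at least two of [a-z0-9@._-], ASCII only.
if (!preg_match('/^[a-z]{1}[a-z0-9@\\._-]{2,}$/i', $username)) {
    $admin->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'], 'index.php');
}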
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
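// After check print the header
$admin->print_header();
// Check that user_id is a whole number and does not equal 1 (the built-in
// administrator). FILTER_VALIDATE_INT rejects what is_numeric() lets through
// (floats, exponents, surrounding whitespace) and yields an int, so $user_id is
// never a raw request string from here on.
// NOTE(review): print_header() above has already produced output, so unless output
// buffering is active this Location header cannot be sent and the user gets a blank
// page; $admin->print_error(..., $js_back) as used for the other checks would be safer.
$user_id = filter_var($_POST['user_id'] ?? null, FILTER_VALIDATE_INT);
if ($user_id === false || $user_id === 1) {
    header("Location: index.php");
    exit(0);
}
// Gather details entered. Group membership arrives as a list of group ids; a
// missing or non-array value becomes '' and is rejected below (implode() on a
// non-array would otherwise throw on PHP 8).
$groups_id = (isset($_POST['groups']) && is_array($_POST['groups'])) ? implode(",", $admin->add_slashes($_POST['groups'])) : '';
// Only the first posted 'active' value is used; default to '' when it is absent
// instead of tripping an undefined-index notice.
$active = $admin->add_slashes($_POST['active'][0] ?? '');
// The username field's name is itself posted (presumably randomised by the form);
// the value is fetched under that name and lower-cased.
$username_fieldname = $admin->get_post_escaped('username_fieldname');
$username = strtolower($admin->get_post_escaped($username_fieldname));
// Passwords are taken unescaped; they are presumably hashed further down the script
// (outside this excerpt), so the hash input must be the literal text.
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = $admin->get_post_escaped('display_name');
$email = $admin->get_post_escaped('email');
// home_folder is only DB-escaped here; any restriction of it to a valid media path
// would have to happen outside this excerpt.
$home_folder = $admin->get_post_escaped('home_folder');
// Check values. print_error() is expected to terminate the request; if it ever
// returned, a failed check would not stop the save -- confirm in class.admin.php.
if ($groups_id === '') {
    $admin->print_error($MESSAGE['USERS_NO_GROUP'], $js_back);
}
// Username: a letter followed by at least two of [a-z0-9_-], ASCII only. The
// pattern also enforces the minimum length of three, hence the combined message.
if (!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
    $admin->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'] . ' / ' . $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
}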
if ($password != "") {
    if (strlen($password) < 2) {
 * @copyright WBCE Project (2015-)
 * @license GNU GPL2 (or any later version)
 */
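// Create new admin object and print admin header
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Pages', 'pages_add', false);
// CSRF check: reject the request if the form token (FTAN) is missing or stale.
// print_error() is expected to terminate the request; if it ever returned, the
// page would still be created below -- confirm in class.admin.php.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Get values. The title is DB-escaped by get_post_escaped() and then HTML-encoded
// (presumably the project stores titles entity-encoded).
$title = $admin->get_post_escaped('title');
$title = htmlspecialchars($title);
// Module name: restricted to [a-z0-9_-], presumably because it is used as a
// directory name later.
$module = preg_replace('/[^a-z0-9_-]/i', "", $admin->get_post('type'));
// fix secunia 2010-93-4: parent must be an integer page id
$parent = intval($admin->get_post('parent'));
// fix secunia 2010-91-2: visibility is an enumeration; anything else falls back to
// 'public'. Strict comparison so only the exact strings match (get_post() may return null).
$visibility = $admin->get_post('visibility');
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'), true)) {
    $visibility = 'public';
}
// fix secunia 2010-91-2
// Group lists are taken as posted (not escaped here); they are processed further
// down the script, outside this excerpt.
$admin_groups = $admin->get_post('admin_groups');
$viewing_groups = $admin->get_post('viewing_groups');
// Work-out if we should check for existing page_code
$field_set = $database->field_exists(TABLE_PREFIX . 'pages', 'page_code');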
// add Admin to admin and viewing-groups
{
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
*/
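$pagetree_url = ADMIN_URL . '/pages/index.php';
// $page_id is set earlier in the script (outside this excerpt); it is assumed to be
// an already-validated integer before it is placed in the redirect URL -- confirm.
$target_url = ADMIN_URL . '/pages/settings.php?page_id=' . $page_id;
// CSRF check: reject the request if the form token (FTAN) is missing or stale.
// print_error() is expected to terminate the request; if it ever returned, the
// settings would still be saved below -- confirm in class.admin.php.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $target_url);
}
// After check print the header
$admin->print_header();
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Get values. Text fields are DB-escaped (get_post_escaped() or add_slashes()), then
// HTML-encoded, then stripped of "[[" / "]]" so stored values cannot carry
// droplet-style markers.
$page_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('page_title')));
$menu_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('menu_title')));
$the_link = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('link')));
// page_code and parent are forced to integers.
$page_code = intval($admin->get_post('page_code'));
$description = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('description'))));
$keywords = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('keywords'))));
$parent = intval($admin->get_post('parent'));
// fix secunia 2010-91-3: visibility is an enumeration; anything else falls back to
// 'public'. Strict comparison so only the exact strings match.
$visibility = $admin->get_post_escaped('visibility');
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'), true)) {
    $visibility = 'public';
}
// fix secunia 2010-93-3: template name restricted to [a-z0-9_-], presumably because
// it is used as a directory name under the templates folder.
$template = preg_replace('/[^a-z0-9_-]/i', "", $admin->get_post('template'));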
//$template = (($template == DEFAULT_TEMPLATE ) ? '' : $template);
// end include class.secure.php
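// Get page id: must be a whole number. FILTER_VALIDATE_INT rejects what is_numeric()
// accepts (floats, exponents, surrounding whitespace) and yields an int, so $page_id
// is never a raw request string from here on.
$page_id = filter_var($_POST['page_id'] ?? null, FILTER_VALIDATE_INT);
if ($page_id === false) {
    header("Location: index.php");
    exit(0);
}
require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_settings');
// Include the functions file
require_once LEPTON_PATH . '/framework/summary.functions.php';
// Get values. Free-text fields are escaped with addslashes() (or get_post_escaped())
// for the database and then HTML-encoded. addslashes() is not charset-aware
// escaping; it is the convention this script relies on.
$page_link = htmlspecialchars(addslashes($admin->get_post('link')));
// ENT_HTML401 exists since PHP 5.4, so on any supported PHP the first branch runs;
// the else branch is kept for the legacy case.
if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
    $page_title = htmlspecialchars($admin->get_post_escaped('page_title'), ENT_COMPAT | ENT_HTML401, DEFAULT_CHARSET);
    $menu_title = htmlspecialchars($admin->get_post_escaped('menu_title'), ENT_COMPAT | ENT_HTML401, DEFAULT_CHARSET);
} else {
    $page_title = htmlspecialchars($admin->get_post_escaped('page_title'), ENT_COMPAT, DEFAULT_CHARSET);
    $menu_title = htmlspecialchars($admin->get_post_escaped('menu_title'), ENT_COMPAT, DEFAULT_CHARSET);
}
$description = htmlspecialchars(addslashes($admin->get_post('description')));
$keywords = htmlspecialchars(addslashes($admin->get_post('keywords')));
$page_code = htmlspecialchars(addslashes($admin->get_post('page_code')));
// The remaining values are only DB-escaped here. parent, visibility, template and
// target are not constrained to integers or a fixed set in this excerpt; whether
// that happens further down the script is not visible here -- worth confirming.
$parent = $admin->get_post_escaped('parent');
$visibility = $admin->get_post_escaped('visibility');
$template = $admin->get_post_escaped('template');
$target = $admin->get_post_escaped('target');
$admin_groups = $admin->get_post_escaped('admin_groups');
$viewing_groups = $admin->get_post_escaped('viewing_groups');
$searching = $admin->get_post_escaped('searching');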