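/**
  * Constructor: starts (or resumes) the PHP session, binds it to the client's
  * IP address and maintains the REFERER / HISTORY / FIRST_REFERER session
  * entries that the rest of the class reads through Get()/Def().
  *
  * A session id may be supplied by the client as PHPSESSID via GET, POST or
  * cookie (checked in that order). It is handed to session_id() only when it
  * is a plain string made of PHP's session-id alphabet; anything else is
  * ignored and PHP generates a fresh id. Because client-supplied ids are
  * accepted at all, the deployment should run with session.use_strict_mode=1
  * so an uninitialised id is never adopted by session_start().
  */
 public function __construct()
 {
     if (!$this->Started) {
         $sid = null;
         if (isset($_GET['PHPSESSID'])) {
             $sid = $_GET['PHPSESSID'];
         } elseif (isset($_POST['PHPSESSID'])) {
             $sid = $_POST['PHPSESSID'];
         } elseif (isset($_COOKIE['PHPSESSID'])) {
             $sid = $_COOKIE['PHPSESSID'];
         }
         // Skip arrays (PHPSESSID[]=x would be a TypeError on PHP 8) and ids
         // outside [A-Za-z0-9,-]; without a valid id PHP simply issues a new one.
         if (is_string($sid) && preg_match('/^[A-Za-z0-9,-]{1,256}$/', $sid) === 1) {
             session_id($sid);
         }
         // Cookie lifetime 0 = until the browser closes; path = site directory.
         // NOTE(review): no httponly/secure flags are set here — confirm whether
         // client-side code needs to read PHPSESSID before enabling them.
         session_set_cookie_params(0, GetSiteDir(true));
         if (!session_start()) {
             echo $this->errors[] = '<b>Внимание!</b>: User->User(): Ошибка при запуске сессии.<br />';
         } else {
             $this->Started = true;
         }
     }
     // The session is bound to the client IP: a different IP starts empty.
     if (!isset($_SESSION['u_ip']) || $_SESSION['u_ip'] != getip()) {
         $_SESSION = array();
     }
     $this->session = $_SESSION;
     $this->Auth = $this->Get('u_auth');
     // Maintain our own referer instead of trusting $_SERVER['HTTP_REFERER'];
     // AJAX requests must not advance the navigation history.
     if (IsAjax()) {
         return;
     }
     if ($this->isDef('REFERER')) {
         // The URI recorded on the previous request becomes this request's referer.
         $_SERVER['HTTP_REFERER'] = $this->Get('REFERER');
         // History module: keep at most the 10 most recent steps in the session.
         $history = $this->isDef('HISTORY') ? $this->Get('HISTORY') : array();
         $history[] = $_SERVER['HTTP_REFERER'];
         if (count($history) > 10) {
             array_shift($history);
         }
         $this->Def('HISTORY', $history);
     } elseif (isset($_SERVER['HTTP_REFERER']) && trim($_SERVER['HTTP_REFERER']) != '') {
         // First request of the session: remember where the visitor came from,
         // passed through SafeEnv and capped at 255 characters.
         $this->Def('FIRST_REFERER', SafeEnv(trim($_SERVER['HTTP_REFERER']), 255, str));
     }
     $this->Def('REFERER', GetSiteHost() . $_SERVER['REQUEST_URI']);
 }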
/**
 * Runs the configured spam/attack detectors over the submitted form fields
 * and terminates the request when one of them fires.
 *
 * Detector order is significant and is kept exactly: the MIME and junk
 * detectors always run, the others only while nothing has fired yet. The
 * detectors are presumably filling $s_attack / $s_info / $s_user_info through
 * reference parameters (confirm against their signatures); those values feed
 * the alert mail and the attack page.
 *
 * @param array $a_fields submitted form fields
 * @return void  does not return when an attack is detected (calls exit)
 */
function DetectAttacks($a_fields)
{
    $s_attack = "";
    $s_info = "";
    $s_user_info = "";

    $b_attacked = Settings::get('ATTACK_DETECTION_MIME')
        && DetectMimeAttack($a_fields, $s_attack, $s_info, $s_user_info);

    if (!$b_attacked && !Settings::isEmpty('ATTACK_DETECTION_DUPS')
        && DetectDupAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    if (!$b_attacked && Settings::get('ATTACK_DETECTION_SPECIALS')
        && DetectSpecialsAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    if (!$b_attacked
        && (Settings::get('ATTACK_DETECTION_MANY_URLS') || Settings::get('ATTACK_DETECTION_MANY_URL_FIELDS'))
        && DetectManyURLsAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    // The junk detector runs even after an earlier positive result.
    if (Settings::get('ATTACK_DETECTION_JUNK')
        && DetectJunkAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    if (!$b_attacked && !Settings::isEmpty('ATTACK_DETECTION_REVERSE_CAPTCHA')
        && DetectRevCaptchaAttack(Settings::get('ATTACK_DETECTION_REVERSE_CAPTCHA'), $a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }

    if (!$b_attacked) {
        return;
    }

    // Optional site hook; the attack type is not passed yet (reserved for later).
    if (function_exists('FMHookAttacked')) {
        FMHookAttacked('');
    }
    if (Settings::get('ALERT_ON_ATTACK_DETECTION')) {
        SendAlert(GetMessage(MSG_ATTACK_DETECTED, array("ATTACK" => $s_attack, "INFO" => $s_info)), false);
    }
    // Browsers are redirected to the configured URL when one is set;
    // AJAX callers (or no URL) get the attack page rendered inline.
    if (!IsAjax() && Settings::get('ATTACK_DETECTION_URL') !== "") {
        Redirect(Settings::get('ATTACK_DETECTION_URL'), GetMessage(MSG_FORM_ERROR));
    } else {
        global $SERVER;
        CreatePage(GetMessage(MSG_ATTACK_PAGE, array("SERVER" => $SERVER, "USERINFO" => $s_user_info)), GetMessage(MSG_FORM_ERROR));
    }
    exit;
}
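/**
 * Deletes a settings group together with the settings it contains.
 *
 * Without `ok=1` (and outside an AJAX request) a confirmation box is rendered;
 * with it the group and its settings are removed, the action is audited and
 * the browser is sent back to the group list (plugin list when
 * AdminConfigPlugins() says so). `id` is taken from $_GET and reduced to an
 * integer by SafeEnv before it is interpolated into the WHERE clause — the DB
 * layer accepts raw WHERE strings, so that cast is the only injection guard.
 *
 * NOTE(review): the delete is triggered by a GET request with no visible CSRF
 * token; confirm the admin dispatcher validates one before routing here.
 *
 * @return void
 */
function AdminConfigGroupDelete()
{
    $back_url = ADMIN_FILE . (AdminConfigPlugins()
        ? '?exe=config_admin&a=view_groups_plugins&plugins=1&delok'
        : '?exe=config_admin&a=view_groups&delok');
    if (!isset($_GET['id'])) {
        GO($back_url);
        // GO() is expected to end the request; returning here guarantees we
        // never fall through to a delete with an undefined $id if it does not.
        return;
    }
    $id = SafeEnv($_GET['id'], 11, int);

    if ((isset($_GET['ok']) && $_GET['ok'] == '1') || IsAjax()) {
        System::database()->Select(AdminConfigGroupTable(), "`id`='{$id}'");
        $conf = System::database()->FetchRow();
        System::database()->Delete(AdminConfigGroupTable(), "`id`='{$id}'");
        System::database()->Delete(AdminConfigConfigTable(), "`group_id`='{$id}'");
        Audit('Управление настройками: Удаление группы настроек "' . $conf['hname'] . '(' . $conf['name'] . ')" в "' . AdminConfigGroupTable() . '"');
        GO($back_url);
    } else {
        $r = System::database()->Select(AdminConfigGroupTable(), "`id`='{$id}'");
        AddCenterBox('Удаление группы навтроек');
        System::admin()->HighlightConfirm(
            'Это может повлиять на работу системы. Нажмите отмена, если не уверены. Удалить группу настроек "' . SafeDB($r[0]['hname'], 255, str) . '"?',
            ADMIN_FILE . '?exe=config_admin&a=delete&id=' . $id . '&ok=1' . (AdminConfigPlugins() ? '&plugins=1' : '')
        );
    }
}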
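/**
 * Deletes a news item and its comments from the admin panel.
 *
 * Requires the `$news_access_editnews` right (AccessDenied() is presumed to
 * end the request). Without `ok=1` (and outside AJAX) a confirmation box is
 * rendered; with it the item and its comments are removed, the topic counter
 * is adjusted for published items, the block cache is cleared and the action
 * is audited. `id` is reduced to an integer by SafeEnv before it is
 * interpolated into the WHERE clause.
 *
 * NOTE(review): `back` is client-supplied and passed to GoRefererUrl(); confirm
 * that helper restricts redirects to this site's own host.
 *
 * @return void
 */
function AdminNewsDelete()
{
    global $news_access_editnews;
    if (!$news_access_editnews) {
        System::admin()->AccessDenied();
    }
    if (!isset($_REQUEST['id'])) {
        exit('ERROR');
    }
    if (IsAjax() || (isset($_GET['ok']) && $_GET['ok'] == '1')) {
        $id = SafeEnv($_REQUEST['id'], 11, int);
        System::database()->Select('news', "`id`='{$id}'");
        $news = System::database()->FetchRow();
        System::database()->Delete('news', "`id`='{$id}'");
        System::database()->Delete('news_comments', "`object_id`='{$id}'");
        if ($news['enabled']) {
            // Only published items are counted on their topic; decrement it.
            CalcNewsCounter(SafeDB($news['topic_id'], 11, int), false);
        }
        AdminNewsClearBlockCache();
        Audit('Удаление новости "' . $news['title'] . '"');
        if (isset($_GET['back'])) {
            GoRefererUrl($_GET['back']);
        }
        GO(ADMIN_FILE . '?exe=news');
    } else {
        System::admin()->AddCenterBox('Удаление новости');
        System::database()->Select('news', "`id`='" . SafeEnv($_REQUEST['id'], 11, int) . "'");
        $news = System::database()->FetchRow();
        $id = SafeDB($_REQUEST['id'], 11, int);
        // `back` is optional; avoid the undefined-index notice when absent.
        $back = isset($_REQUEST['back']) ? SafeDB($_REQUEST['back'], 255, str) : '';
        System::admin()->HighlightConfirmNoAjax(
            'Удалить новость "' . SafeDB($news['title'], 255, str) . '"?',
            ADMIN_FILE . '?exe=news&a=delete&id=' . $id . '&back=' . $back . '&ok=1'
        );
    }
}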
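/**
 * Deletes an article and its comments from the admin panel.
 *
 * Requires the `$editarticles` right (AccessDenied() is presumed to end the
 * request). Without `ok=1` (and outside AJAX) a confirmation box is rendered;
 * with it the category file counter is decremented, the article and its
 * comments are removed and the action is audited. `id` is reduced to an
 * integer by SafeEnv before it is interpolated into the WHERE clause.
 *
 * Fix: the audit line previously read `$r['title']`, but `$r` is the row list
 * returned by Select() (see the `$r[0]['cat_id']` access), so the title was
 * always undefined; it is now read from row 0.
 *
 * NOTE(review): `back` is client-supplied and passed to GoRefererUrl(); confirm
 * that helper restricts redirects to this site's own host.
 *
 * @return void
 */
function AdminArticlesDelete()
{
    global $editarticles;
    if (!$editarticles) {
        System::admin()->AccessDenied();
    }
    if (IsAjax() || (isset($_GET['ok']) && $_GET['ok'] == '1')) {
        $id = SafeEnv($_GET['id'], 11, int);
        // Select() returns the result rows here; the article is row 0.
        $r = System::database()->Select('articles', "`id`='" . $id . "'");
        AdminArticlesGetTree()->CalcFileCounter($r[0]['cat_id'], false);
        System::database()->Delete('articles', "`id`='{$id}'");
        System::database()->Delete('articles_comments', "`object_id`='{$id}'");
        Audit('Статьи: Удаление статьи "' . $r[0]['title'] . '"');
        GoRefererUrl($_REQUEST['back']);
    } else {
        System::admin()->AddCenterBox('Удаление статьи');
        System::database()->Select('articles', "`id`='" . SafeEnv($_REQUEST['id'], 11, int) . "'");
        $article = System::database()->FetchRow();
        $id = SafeDB($_REQUEST['id'], 11, int);
        $back = SafeDB($_REQUEST['back'], 255, str);
        System::admin()->HighlightConfirmNoAjax(
            'Удалить статью "' . SafeDB($article['title'], 255, str) . '"?',
            ADMIN_FILE . '?exe=articles&a=delete&id=' . $id . '&ok=1&back=' . $back
        );
    }
}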
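/**
 * Deletes a user account from the admin panel.
 *
 * With `ok=1` the user is removed: their comments are either deleted
 * (`del_comments=1` in POST) or re-attributed to user 0 keeping the display
 * name/e-mail/url, the action is audited and the users cache is dropped.
 * Otherwise a confirmation box with a "delete comments too" checkbox is
 * rendered; its JavaScript posts back to this action with `ok=1`.
 * `id` is reduced to an integer by SafeEnv before it is interpolated into the
 * WHERE clause and by SafeDB before it is embedded in the generated JS URL.
 *
 * Fix: the user name shown in the confirmation text is now passed through
 * SafeDB(..., str) like every other DB string rendered into admin HTML on this
 * page (presumably it escapes HTML — confirm), instead of being concatenated raw.
 *
 * NOTE(review): unlike the other delete handlers here this one performs no
 * access check of its own; confirm the dispatcher enforces one.
 *
 * @return void
 */
function AdminUserDelUser()
{
    if (isset($_GET['ok']) && $_GET['ok'] == '1') {
        $userid = SafeEnv($_GET['id'], 11, int);
        System::database()->Select('users', "`id`='{$userid}'");
        $guser = System::database()->FetchRow();
        if (isset($_POST['del_comments']) && $_POST['del_comments'] == '1') {
            DeleteAllUserComments($userid);
        } else {
            // Keep the comments but detach them from the account (owner 0).
            UpdateUserComments($userid, '0', SafeEnv($guser['name'], 50, str), SafeEnv($guser['email'], 50, str), SafeEnv($guser['hideemail'], 1, bool), SafeEnv($guser['url'], 250, str));
        }
        System::database()->Delete('users', "`id`='{$userid}'");
        Audit('Пользователи: Удаление пользователя "' . $guser['name'] . '"');
        // Drop the users cache so the deleted account disappears everywhere.
        System::cache()->Delete(system_cache, 'users');
        if (IsAjax()) {
            exit("OK");
        }
        GO(ADMIN_FILE . '?exe=user');
    } else {
        $userid = SafeEnv($_GET['id'], 11, int);
        $r = System::database()->Select('users', "`id`='" . $userid . "'");
        $userid = SafeDB($_GET['id'], 11, int);
        System::admin()->AddJS('
		AjaxDeleteUser = function(){
			Admin.ShowSplashScreen("Удаление пользователя");
			var del = $("#del_comments:checked").val();
			if(del == null){
				del = "0";
			}
			$.ajax({
				type: "POST",
				url: "' . ADMIN_FILE . '?exe=user&a=deluser&id=' . $userid . '&ok=1",
				data: {del_comments: del},
				success: function(data){
					Admin.LoadPage("' . ADMIN_FILE . '?exe=user", undefined, "Обновление страницы");
					Admin.HideSplashScreen();
				}
			});
		};
		');
        AddCenterBox('Удаление пользователя');
        $Text = 'Вы действительно хотите удалить пользователя "' . SafeDB($r[0]['name'], 50, str) . '"?';
        $Text .= '<br /><br />' . System::admin()->Check('del_comments', '1', false, 'id="del_comments"') . '<label for="del_comments" style="cursor: pointer;">Удалить все комментарии этого пользователя</label><br /><br />' . System::admin()->SpeedButton('Отмена', 'javascript:history.go(-1)', 'images/admin/delete.png', false, true) . '&nbsp;&nbsp;' . System::admin()->SpeedConfirmJs('Да', 'AjaxDeleteUser();', 'images/admin/accept.png', '', true);
        System::admin()->Highlight($Text);
    }
}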
/**
 * Toggles the open/closed status of a mailing-list topic.
 *
 * Reads the topic given by `id` (reduced to an integer by SafeEnv before it is
 * interpolated into the WHERE clause), flips `status` between '1' and '0',
 * audits the change and drops the 'mail' block cache. AJAX callers receive
 * "OK"; browsers are redirected to the mail module.
 *
 * NOTE(review): a state change driven by a GET parameter; confirm CSRF
 * protection is enforced upstream by the admin dispatcher.
 *
 * @return void
 */
function AdminMailChangeTopicStatus()
{
    $where = "`id`='" . SafeEnv($_GET['id'], 11, int) . "'";
    System::database()->Select('mail_topics', $where);
    $topic = System::database()->FetchRow();
    $newStatus = ($topic['status'] == 1) ? '0' : '1';
    System::database()->Update('mail_topics', "status='{$newStatus}'", $where);
    Audit('Рассылки: Закрытие рассылки "' . $topic['title'] . '"');
    System::cache()->Delete('block', 'mail');
    if (IsAjax()) {
        exit("OK");
    }
    GO(ADMIN_FILE . '?exe=mail');
}
/**
 * Toggles the active flag of a feedback department.
 *
 * Looks up the department given by `id` (reduced to an integer by SafeEnv
 * before it is interpolated into the WHERE clause); when it exists, `active`
 * is flipped between '1' and '0' and the change is audited. A missing row is
 * silently ignored. AJAX callers receive "OK"; browsers are redirected to the
 * feedback module.
 *
 * NOTE(review): a state change driven by a GET parameter; confirm CSRF
 * protection is enforced upstream by the admin dispatcher.
 *
 * @return void
 */
function AdminFeedBackChangeStatus()
{
    $where = "`id`='" . SafeEnv($_GET['id'], 11, int) . "'";
    System::database()->Select('feedback', $where);
    if (System::database()->NumRows() > 0) {
        $department = System::database()->FetchRow();
        $en = ($department['active'] == 1) ? '0' : '1';
        System::database()->Update('feedback', "active='{$en}'", $where);
        Audit('Обратная связь: Изменение статуса департамента "' . $department['name'] . '"');
    }
    if (IsAjax()) {
        exit("OK");
    }
    GO(ADMIN_FILE . '?exe=feedback');
}
        // Проверка логина и пароля
        $admin_name = $_POST['admin_name'];
        $admin_password = $_POST['admin_password'];
        $admin_template = $_POST['admin_template'];
        $a = System::user()->Login($admin_name, $admin_password, false, true);
        if ($a === true && System::user()->SecondLoginAdmin) {
            System::user()->Data('admin_template', $admin_template);
            Audit('Вход в админ-панель');
        } else {
            System::user()->UnsetCookie(System::user()->AdminCookieName);
            System::admin()->Login('Неверный логин или пароль.');
            // exit
        }
    } else {
        // Форма авторизации
        if (IsAjax()) {
            exit(JsonEncode(array('auth' => GetPageUri(true))));
        }
        System::admin()->Login();
        // exit
    }
}
System::admin()->InitPage();
define('INDEX_PHP', false);
// Получаем имя модуля
$ModuleName = '';
if (!isset($_GET['exe'])) {
    $ModuleName = 'adminpanel';
} else {
    $ModuleName = $_GET['exe'];
    if ($ModuleName == 'exit') {
/**
 * Toggles the status flag of a forum.
 *
 * Reads the forum given by `id` (reduced to an integer by SafeEnv before it is
 * interpolated into the WHERE clause), flips `status` between '1' and '0',
 * audits the change and clears the forum cache. AJAX callers receive "OK";
 * browsers are redirected to the forum module.
 *
 * NOTE(review): a state change driven by a GET parameter; confirm CSRF
 * protection is enforced upstream by the admin dispatcher.
 *
 * @return void
 */
function AdminForumChangeStatus()
{
    $forumId = SafeEnv($_GET['id'], 11, int);
    $where = "`id`='{$forumId}'";
    System::database()->Select('forums', $where);
    $forum = System::database()->FetchRow();
    $en = ($forum['status'] == 1) ? '0' : '1';
    System::database()->Update('forums', "status='{$en}'", $where);
    Audit('Форум: Изменение статуса форума "' . $forum['title'] . '"');
    ForumCacheClear();
    if (IsAjax()) {
        exit("OK");
    }
    GO(ADMIN_FILE . '?exe=forum');
}
/**
 * Toggles the active flag of a site message.
 *
 * Looks up the message given by `id` (reduced to an integer by SafeEnv before
 * it is interpolated into the WHERE clause); when it exists, `active` is
 * flipped between '1' and '0' and the change is audited. A missing row is
 * silently ignored. AJAX callers receive "OK"; browsers are redirected to the
 * messages module.
 *
 * NOTE(review): a state change driven by a GET parameter; confirm CSRF
 * protection is enforced upstream by the admin dispatcher.
 *
 * @return void
 */
function AdminSiteMessagesChangeStatus()
{
    $msg_id = SafeEnv($_GET['id'], 11, int);
    $where = "`id`='{$msg_id}'";
    System::database()->Select('messages', $where);
    if (System::database()->NumRows() > 0) {
        $row = System::database()->FetchRow();
        $en = ($row['active'] == 1) ? '0' : '1';
        System::database()->Update('messages', "active='{$en}'", $where);
        Audit('Сообщения: Изменение статуса сообщения "' . $row['title'] . '"');
    }
    if (IsAjax()) {
        exit("OK");
    }
    GO(ADMIN_FILE . '?exe=messages');
}
/**
 * Toggles whether a page (or link) is shown in the site menu.
 *
 * Reads the page given by `id` (reduced to an integer by SafeEnv before it is
 * interpolated into the WHERE clause), flips `showinmenu` between '1' and '0',
 * audits the change and clears the pages cache. AJAX callers receive "OK";
 * browsers are redirected to the pages module.
 *
 * NOTE(review): a state change driven by a GET parameter; confirm CSRF
 * protection is enforced upstream by the admin dispatcher.
 *
 * @return void
 */
function AdminPagesChangeMenu()
{
    $page_id = SafeEnv($_GET['id'], 11, int);
    $where = "`id`='{$page_id}'";
    System::database()->Select('pages', $where);
    $page = System::database()->FetchRow();
    $en = ($page['showinmenu'] == 1) ? '0' : '1';
    System::database()->Update('pages', "showinmenu='{$en}'", $where);
    Audit('Страницы: Изменение статуса показа в меню для "' . $page['title'] . '"');
    AdminPagesClearCache();
    if (IsAjax()) {
        echo 'OK';
        exit;
    }
    GO(ADMIN_FILE . '?exe=pages');
}
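/**
 * Deletes a file entry (and the file on disk) from the downloads archive.
 *
 * Requires the 'downloads'/'edit_files' right (AccessDenied() is presumed to
 * end the request). Without `ok=1` (and outside AJAX) a confirmation box is
 * rendered; with it the category counter is decremented, the stored file is
 * unlinked when it exists, the DB row and its comments are removed and the
 * action is audited. `id` is reduced to an integer by SafeEnv before it is
 * interpolated into the WHERE clause.
 *
 * Fix: the audit line previously read `$r['title']`, but `$r` is the row list
 * returned by Select() (see the `$r[0]['category']` access), so the title was
 * always undefined; it is now read from row 0.
 *
 * NOTE(review): the unlink path is built from the `url` column by RealPath2();
 * confirm that helper confines the result to the downloads directory.
 * NOTE(review): `back` is client-supplied and passed to GoRefererUrl(); confirm
 * that helper restricts redirects to this site's own host.
 *
 * @return void
 */
function AdminDownloadsDeleteFile()
{
    if (!System::user()->CheckAccess2('downloads', 'edit_files')) {
        System::admin()->AccessDenied();
    }
    if (IsAjax() || (isset($_GET['ok']) && SafeEnv($_GET['ok'], 1, int) == '1')) {
        $id = SafeEnv($_GET['id'], 11, int);
        // Select() returns the result rows here; the file entry is row 0.
        $r = System::database()->Select('downloads', "`id`='{$id}'");
        AdminDownloadsGetTree()->CalcFileCounter(SafeDB($r[0]['category'], 11, int), false);
        $path = RealPath2($r[0]['url']);
        if (is_file($path)) {
            unlink($path);
        }
        System::database()->Delete('downloads', "`id`='{$id}'");
        System::database()->Delete('downloads_comments', "`object_id`='{$id}'");
        Audit('Архив файлов: Удаление файла "' . $r[0]['title'] . '"');
        GoRefererUrl($_REQUEST['back']);
    } else {
        System::admin()->AddCenterBox('Удаление файла');
        System::database()->Select('downloads', "`id`='" . SafeEnv($_REQUEST['id'], 11, int) . "'");
        $file = System::database()->FetchRow();
        $id = SafeDB($_REQUEST['id'], 11, int);
        $back = SafeDB($_REQUEST['back'], 255, str);
        System::admin()->HighlightConfirmNoAjax(
            'Удалить файл "' . SafeDB($file['title'], 255, str) . '"?',
            ADMIN_FILE . '?exe=downloads&a=deletefile&id=' . $id . '&ok=1&back=' . $back
        );
    }
}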
/**
 * Toggles the enabled flag of a layout block.
 *
 * Looks up the block given by `id` (reduced to an integer by SafeEnv before it
 * is interpolated into the WHERE clause); when it exists, `enabled` is flipped
 * between '1' and '0' and the change is audited. A missing row is silently
 * ignored. AJAX callers receive "OK"; browsers are redirected to the blocks
 * module.
 *
 * NOTE(review): a state change driven by a GET parameter; confirm CSRF
 * protection is enforced upstream by the admin dispatcher.
 *
 * @return void
 */
function AdminBlocksChangeStatus()
{
    $where = "`id`='" . SafeEnv($_GET['id'], 11, int) . "'";
    System::database()->Select('blocks', $where);
    if (System::database()->NumRows() > 0) {
        $block = System::database()->FetchRow();
        $en = (SafeDB($block['enabled'], 1, int) == 1) ? '0' : '1';
        System::database()->Update('blocks', "enabled='{$en}'", $where);
        Audit('Блока: Изменение статуса блока "' . $block['title'] . '"');
    }
    if (IsAjax()) {
        exit("OK");
    }
    GO(ADMIN_FILE . '?exe=blocks');
}
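/**
 * Deletes a guest-book message from the admin panel.
 *
 * Requires the 'guestbook'/'edit' right (AccessDenied() is presumed to end the
 * request). Without `ok=1` (and outside AJAX) a confirmation box is rendered;
 * with it the row is deleted, the action is audited and the browser is sent
 * to `back` when given, otherwise to the guest-book module. `id` is reduced to
 * an integer by SafeEnv before it is interpolated into the WHERE clause.
 *
 * NOTE(review): `back` is client-supplied and passed to GoRefererUrl(); confirm
 * that helper restricts redirects to this site's own host.
 *
 * @return void
 */
function AdminGuestBookDeleteMessage()
{
    if (!System::user()->CheckAccess2('guestbook', 'edit')) {
        System::admin()->AccessDenied();
    }
    if (IsAjax() || (isset($_GET['ok']) && $_GET['ok'] == '1')) {
        System::database()->Delete('guestbook', "`id`='" . SafeEnv($_GET['id'], 11, int) . "'");
        Audit('Гостевая книга: Удаление сообщения');
        if (isset($_GET['back'])) {
            GoRefererUrl($_GET['back']);
        } else {
            GO(ADMIN_FILE . '?exe=guestbook');
        }
    } else {
        System::admin()->AddCenterBox('Удаление сообщения');
        // `back` is optional; avoid the undefined-index notice when absent.
        $back = isset($_REQUEST['back']) ? SafeDB($_REQUEST['back'], 255, str) : '';
        System::admin()->HighlightConfirmNoAjax(
            'Удалить сообщение?',
            ADMIN_FILE . '?exe=guestbook&a=delete&id=' . SafeDB($_REQUEST['id'], 11, int) . '&ok=1&back=' . $back
        );
    }
}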
/**
 * Runs the configured spam/attack detectors over the submitted form fields
 * and terminates the request when one of them fires (constant-configured
 * variant; the ATTACK_DETECTION_* switches are constants, the DUPS and
 * REVERSE_CAPTCHA settings are globals).
 *
 * Detector order is significant and is kept exactly: the MIME and junk
 * detectors always run, the others only while nothing has fired yet. The
 * detectors are presumably filling $s_attack / $s_info / $s_user_info through
 * reference parameters (confirm against their signatures); those values feed
 * the alert mail and the attack page.
 *
 * @param array $a_fields submitted form fields
 * @return void  does not return when an attack is detected (calls exit)
 */
function DetectAttacks($a_fields)
{
    global $ATTACK_DETECTION_DUPS, $ATTACK_DETECTION_REVERSE_CAPTCHA;
    $s_attack = "";
    $s_info = "";
    $s_user_info = "";

    $b_attacked = ATTACK_DETECTION_MIME
        && DetectMimeAttack($a_fields, $s_attack, $s_info, $s_user_info);

    if (!$b_attacked && !empty($ATTACK_DETECTION_DUPS)
        && DetectDupAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    if (!$b_attacked && ATTACK_DETECTION_SPECIALS
        && DetectSpecialsAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    if (!$b_attacked && (ATTACK_DETECTION_MANY_URLS || ATTACK_DETECTION_MANY_URL_FIELDS)
        && DetectManyURLsAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    // The junk detector runs even after an earlier positive result.
    if (ATTACK_DETECTION_JUNK
        && DetectJunkAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    if (!$b_attacked && !empty($ATTACK_DETECTION_REVERSE_CAPTCHA)
        && DetectRevCaptchaAttack($ATTACK_DETECTION_REVERSE_CAPTCHA, $a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }

    if (!$b_attacked) {
        return;
    }

    if (ALERT_ON_ATTACK_DETECTION) {
        SendAlert(GetMessage(MSG_ATTACK_DETECTED, array("ATTACK" => $s_attack, "INFO" => $s_info)), false);
    }
    // Browsers are redirected to the configured URL when one is set;
    // AJAX callers (or no URL) get the attack page rendered inline.
    if (!IsAjax() && ATTACK_DETECTION_URL !== "") {
        Redirect(ATTACK_DETECTION_URL, GetMessage(MSG_FORM_ERROR));
    } else {
        global $SERVER;
        CreatePage(GetMessage(MSG_ATTACK_PAGE, array("SERVER" => $SERVER, "USERINFO" => $s_user_info)), GetMessage(MSG_FORM_ERROR));
    }
    exit;
}
/**
 * Toggles the active flag of a poll.
 *
 * Requires the `$editpolls` right (AccessDenied() is presumed to end the
 * request). Reads the poll given by `id` (reduced to an integer by SafeEnv
 * before it is interpolated into the WHERE clause), flips `active` between
 * '1' and '0' and audits the change. AJAX callers receive "OK"; browsers are
 * redirected to the polls module.
 *
 * NOTE(review): a state change driven by a GET parameter; confirm CSRF
 * protection is enforced upstream by the admin dispatcher.
 *
 * @return void
 */
function AdminPollsChangeStatus()
{
    global $editpolls;
    if (!$editpolls) {
        System::admin()->AccessDenied();
    }
    $pollId = SafeEnv($_GET['id'], 11, int);
    $where = "`id`='{$pollId}'";
    System::database()->Select('polls', $where);
    $poll = System::database()->FetchRow();
    $en = ($poll['active'] == '1') ? '0' : '1';
    System::database()->Update('polls', "active='{$en}'", $where);
    Audit('Опросы: Изменение статуса опроса "' . $poll['question'] . '"');
    if (IsAjax()) {
        exit("OK");
    }
    GO(ADMIN_FILE . '?exe=polls');
}