<link rel="stylesheet" type="text/css" href="../../../../admin/img/styles/base.css,liquid.css,layout.css,sprite.css,last_minute_fixes.css" />
		<!--[if IE]>
			<link rel="stylesheet" type="text/css" href="../../../../admin/img/styles/ie.css" />
		<![endif]-->
	</head>
<body>
	<div id="backup-module" class="module">
		<div id="status-report" 

<?php 
/**
 *
 * Delete current backup archives
 *
 */
$btn_delete = getPOSTparam4IdOrNumber('btn_delete');
if ($do == 'delete' && !empty($btn_delete)) {
    echo 'style="display: block;" ';
    if (!empty($_POST['file'])) {
        // Only if current user has the rights
        if ($perm->is_level_okay('manageModBackup', $_SESSION['ccms_userLevel'])) {
            echo 'class="notice center-text">';
            foreach ($_POST['file'] as $value) {
                $value = filterParam4Filename($value);
                // strips any slashes as well, so attacks like '../../../../../../../../../etc/passwords' won't pass
                if (!empty($value)) {
                    unlink('../../../../media/files/' . $value);
                    echo ucfirst($value) . ' ' . $ccms['lang']['backend']['statusremoved'] . '.<br/>';
                } else {
                    echo $ccms['lang']['auth']['featnotallowed'];
                }
/**
 *
 * Create a new user as posted by an authorized user
 *
 */
if ($do_action == 'add-user' && $_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) {
    FbX::SetFeedbackLocation('user-management.Manage.php');
    try {
        // Only if current user has the rights
        if ($perm->is_level_okay('manageUsers', $_SESSION['ccms_userLevel'])) {
            //$i=count(array_filter($_POST));
            //if($i <= 6) error
            if (empty($_POST['userPass'])) {
                throw new FbX($ccms['lang']['system']['error_tooshort']);
            }
            $userName = strtolower(getPOSTparam4IdOrNumber('user'));
            $userPass = md5($_POST['userPass'] . $cfg['authcode']);
            $userFirst = getPOSTparam4HumanName('userFirstname');
            $userLast = getPOSTparam4HumanName('userLastname');
            $userEmail = getPOSTparam4Email('userEmail');
            $userActive = getPOSTparam4boolean('userActive');
            $userLevel = getPOSTparam4Number('userLevel');
            if (empty($userName) || empty($userFirst) || empty($userLast) || empty($userEmail) || !$userLevel) {
                throw new FbX($ccms['lang']['system']['error_tooshort']);
            }
            // Set variables
            $values = array();
            // [i_a] make sure $values is an empty array to start with here
            $values['userName'] = MySQL::SQLValue($userName, MySQL::SQLVALUE_TEXT);
            $values['userPass'] = MySQL::SQLValue($userPass, MySQL::SQLVALUE_TEXT);
            $values['userFirst'] = MySQL::SQLValue($userFirst, MySQL::SQLVALUE_TEXT);
}
/**
 *
 * Save configuration
 *
 */
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $do_action == 'save-cfg' && checkAuth()) {
    $page_id = getPOSTparam4IdOrNumber('page_id');
    FbX::SetFeedbackLocation('comment.Manage.php');
    try {
        if (!empty($page_id)) {
            FbX::SetFeedbackLocation('comment.Manage.php', 'page_id=' . $page_id);
            // Only if current user has the rights
            if ($perm->is_level_okay('manageModComment', $_SESSION['ccms_userLevel'])) {
                $showMessage = getPOSTparam4Number('messages');
                $showLocale = getPOSTparam4IdOrNumber('locale');
                if (!empty($showMessage) && !empty($showLocale)) {
                    $values = array();
                    // [i_a] make sure $values is an empty array to start with here
                    $values['page_id'] = MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER);
                    $values['showMessage'] = MySQL::SQLValue($showMessage, MySQL::SQLVALUE_NUMBER);
                    $values['showLocale'] = MySQL::SQLValue($showLocale, MySQL::SQLVALUE_TEXT);
                    // Insert or update configuration
                    if ($db->AutoInsertUpdate($cfg['db_prefix'] . 'cfgcomment', $values, array('cfgID' => MySQL::BuildSQLValue($cfgID)))) {
                        header('Location: ' . makeAbsoluteURI('comment.Manage.php?page_id=' . $page_id . '&status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved'])));
                        exit;
                    } else {
                        throw new FbX($db->MyDyingMessage());
                    }
                } else {
                    throw new FbX($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')');
    define('CCMS_PERFORM_MINIMAL_INIT', true);
}
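// Define default location
//
// BASE_PATH is the site root, taken as four directory levels above this file's
// own directory (matching the '../../../../' paths used by the markup below).
// Backslashes are normalised to forward slashes so the constant concatenates
// cleanly on Windows hosts as well.
if (!defined('BASE_PATH')) {
    $base = str_replace('\\', '/', dirname(dirname(dirname(dirname(dirname(__FILE__))))));
    define('BASE_PATH', $base);
}
// Include general configuration
/*MARKER*/
require_once BASE_PATH . '/lib/sitemap.php';
// security check done ASAP
//
// Refuse to render anything unless the session is authenticated and both
// 'rc1' and 'rc2' session values are present (their meaning is established
// elsewhere -- presumably set at login; verify in lib/sitemap.php).
if (!checkAuth() || empty($_SESSION['rc1']) || empty($_SESSION['rc2'])) {
    die("No external access to file");
}
// Requested action and the submit button that confirms it. Both are compared
// strictly: the helpers return filtered values, and on PHP < 8 a loose '=='
// against a non-numeric string would accept an integer 0 result as a match.
$do = getGETparam4IdOrNumber('do');
$btn_backup = getPOSTparam4IdOrNumber('btn_backup');
if ($do === 'backup' && $btn_backup === 'dobackup') {
    // Include back-up functions
    /*MARKER*/
    require_once './functions.php';
}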
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
	<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
	<title>Back-up &amp; Restore module</title>
	<link rel="stylesheet" type="text/css" href="../../../../admin/img/styles/base.css,liquid.css,layout.css,sprite.css,last_minute_fixes.css" />
	<!--[if IE]>
		<link rel="stylesheet" type="text/css" href="../../../../admin/img/styles/ie.css" />
	<![endif]-->
<?php 
    exit;
}
// Close step three
// Step four
if ($nextstep == '4' && checkAuth()) {
    //
    // Installation actions
    //  - Process database
    //
    $db_host = array("db_host" => getPOSTparam4IdOrNumber('db_host'));
    $db_user = array("db_user" => getPOSTparam4IdOrNumber('db_user'));
    $db_pass = array("db_pass" => $_POST['db_pass']);
    // must be RAW
    $db_name = array("db_name" => getPOSTparam4IdOrNumber('db_name'));
    $db_prefix = array("db_prefix" => getPOSTparam4IdOrNumber('db_prefix'));
    // Add new data to variable session
    $_SESSION['variables'] = array_merge($_SESSION['variables'], $db_host, $db_user, $db_pass, $db_name, $db_prefix);
    //
    // make sure that these directories exist (previous manual efforts may have removed them):
    //
    @mkdir(BASE_PATH . '/media');
    @mkdir(BASE_PATH . '/media/albums');
    @mkdir(BASE_PATH . '/media/files');
    @mkdir(BASE_PATH . '/lib/includes/cache');
    //
    // Check for current chmod(); we only are interesting in whether these files and directories are readable and writeable:
    // this also works out for Windows-based servers.
    //
    $chfile = array();
    /*
    exit;
}
/**
 * switch user ('su'): 
 * 
 * - check whether we are authorized to perform this action, and if we are...
 * 
 * - check whether we may switch to the indicated user (who should have equal or 
 *   lower permission settings compared to us (where 'us' is the pluralis majestatis 
 *   for 'admin'), and when so...
 * 
 * - switch the session over to the given user credentials while marking it as a 
 *   'switched user': we may not 'nest' switching!
 */
if ($target_form == 'switch_user' && $_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) {
    $su_userName = getPOSTparam4IdOrNumber('su_userName');
    if (empty($_SESSION['ccms_userID']) || empty($_SESSION['ccms_userLevel']) || $_SESSION['ccms_userLevel'] < 4 || !empty($_SESSION['ccms_isSwitchedUser']) || empty($su_userName)) {
        die_with_forged_failure_msg(__FILE__, __LINE__);
    }
    $logmsg = null;
    $su_arr = explode('_', $su_userName, 2);
    if (count($su_arr) != 2) {
        die_with_forged_failure_msg(__FILE__, __LINE__);
    }
    $values = array();
    $values['userID'] = MySQL::SQLValue($su_arr[0], MySQL::SQLVALUE_NUMBER);
    $values['userName'] = MySQL::SQLValue($su_arr[1], MySQL::SQLVALUE_TEXT);
    $values[] = 'userLevel < ' . MySQL::SQLValue($_SESSION['ccms_userLevel'], MySQL::SQLVALUE_NUMBER);
    $values['userActive'] = MySQL::SQLValue(true, MySQL::SQLVALUE_BOOLEAN);
    $row = $db->SelectSingleRowArray($cfg['db_prefix'] . 'users', $values);
    if ($db->ErrorNumber()) {