// NOTE(review): fragment; it opens inside a branch whose condition is not visible here
// (presumably the failed-token branch, since it reports $spracheResponse->token — confirm)
// and is cut off inside the while loop at the end.
unset($header, $text);
$errors = array($spracheResponse->token);
// Re-render the form that was submitted: add form for d=ad, modify form otherwise.
$template_file = $ui->st('d', 'get') == 'ad' ? 'admin_roots_add.tpl' : 'admin_roots_md.tpl';

// Add and modify entries. Same validation can be used.
} else {
    if ($ui->st('d', 'get') == 'ad' or $ui->st('d', 'get') == 'md') {

        // Error handling. Check if required attributes are set and can be validated
        $errors = array();

        // At this point all variables are defined that can come from the user.
        // The id is taken from POST when that yields a truthy value, otherwise from GET.
        // NOTE(review): the second argument (19) is presumably a maximum length enforced by $ui->id() — confirm.
        $id = $ui->id('id', 19, 'post') ? $ui->id('id', 19, 'post') : $ui->id('id', 19, 'get');

        // Default variables
        $keywords = array();
        $subpages = array();
        $keywords_used = array();
        $author = '';
        $lang_avail = getlanguages($template_to_use);

        // Add or mod is opened (no 'action' value was posted, so only the form is prepared)
        if (!$ui->smallletters('action', 2, 'post')) {

            // Add jQuery plugin chosen to the header.
            // All entries below are fixed strings; no request data is mixed into the markup.
            $htmlExtraInformation['css'][] = '<link href="css/default/chosen/chosen.min.css" rel="stylesheet" type="text/css">';
            $htmlExtraInformation['js'][] = '<script src="js/default/plugins/chosen/chosen.jquery.min.js" type="text/javascript"></script>';
            $htmlExtraInformation['css'][] = '<link href="css/default/summernote/summernote.css" rel="stylesheet" type="text/css">';
            $htmlExtraInformation['js'][] = '<script src="js/default/plugins/summernote/summernote.min.js" type="text/javascript"></script>';
            $htmlExtraInformation['js'][] = '<script src="js/default/easy-wi_cms.js" type="text/javascript"></script>';

            $subpage = array();

            // Both statements are prepared with bound parameters and filter on `resellerid`,
            // so only rows of the reseller in $resellerLockupID are selected by $query.
            $query = $sql->prepare("SELECT p.`id`,t.`title` FROM `page_pages` p LEFT JOIN `page_pages_text` t ON p.`id`=t.`pageid` AND t.`language`=? WHERE p.`resellerid`=? AND p.`type`='page' ORDER BY t.`title`");
            // Fallback lookup: first title of a page in any language (ordered by `language`).
            $query2 = $sql->prepare("SELECT `title` FROM `page_pages_text` WHERE `pageid`=? AND `resellerid`=? ORDER BY `language` LIMIT 1");
            $query->execute(array($user_language, $resellerLockupID));
            while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
                $page_title = $row['title'];
                // The LEFT JOIN yields a NULL title when no text exists in $user_language;
                // the loose comparisons treat NULL and '' alike.
                if ($row['title'] == null or $row['title'] == '') {
// NOTE(review): fragment; the first statements belong to an if/else that starts outside this view,
// and the is_dir() block at the end is not closed here.
$instertedID = $sql->lastInsertId();
// Uses the id of the row that was just inserted ...
$query3->execute(array($instertedID, $user_language, $module['name'], 0));
} else {
// ... or the already known core module id. $query3 is prepared outside this view.
$query3->execute(array($coreModuleID, $user_language, $module['name'], 0));
}
}

// Token check: runs only when an 'action' value was posted.
// NOTE(review): token() is defined elsewhere; presumably it validates the anti-CSRF form token — confirm.
// Every state-changing path that follows should be reachable only through the else branch below.
if ($ui->st('action', 'post') and !token(true)) {
    unset($header, $text);
    $errors = array($spracheResponse->token);
    $template_file = $ui->st('d', 'get') == 'ad' ? 'admin_modules_ad.tpl' : 'admin_modules_md.tpl';
} else {
    if ($ui->st('d', 'get') == 'ad' or $ui->st('d', 'get') == 'md') {
        $errors = array();
        $id = $ui->id('id', 10, 'get');
        // Defaults to 'Y' when no valid 'active' value was posted.
        $active = $ui->active('active', 'post') ? $ui->active('active', 'post') : 'Y';
        $langAvailable = getlanguages($template_to_use);
        // Same condition as the enclosing if, so this branch is always taken here.
        if ($ui->st('d', 'get') == 'ad' or $ui->st('d', 'get') == 'md') {
            $dbSuccess = false;
            // Request-supplied values, each passed through a $ui filter method.
            // NOTE(review): $file names a module file chosen by the client. Before it is stored or
            // included, it should be checked against the $files list built below (exact match),
            // not only against the character filter in $ui->config() — the check is not visible here, confirm.
            $file = $ui->config('file', 'post');
            $sub = $ui->st('sub', 'post');
            $get = $ui->smallletters('get', 255, 'post');
            $type = $ui->w('type', 1, 'post');
            // Collect the names of all entries ending in '.php' in the custom module directory.
            $files = array();
            $dir = EASYWIDIR . '/stuff/custom_modules/';
            if (is_dir($dir)) {
                $dirs = scandir($dir);
                foreach ($dirs as $row) {
                    // Suffix test only; scandir() also returns directories, which are not excluded here.
                    if (substr($row, -4) == '.php') {
                        $files[] = $row;
                    }
                }
// NOTE(review): fragment; it starts inside a loop over $row that begins outside this view
// and is cut off inside the else branch at the end.
if (empty($topics)) {
    $query2->execute(array($rSA['language'], $row['id'], $resellerLockupID));
    // NOTE(review): the result is stored in $topic, but the checks around it test $topics.
    // Within this fragment $topic is never read, so this fallback has no visible effect —
    // looks like a typo for $topics; confirm against the rest of the file.
    $topic = $query2->fetchColumn();
}
// Last fallback: the topic column of the current row.
if (empty($topics)) {
    $topics = $row['topic'];
}
// Build one <option> per row and preselect the current main topic.
// NOTE(review): $topics and $row['id'] are concatenated into markup without escaping here.
// Unless the text is HTML-encoded before it is stored, apply htmlspecialchars() at this point.
if ($row['id'] == $maintopic) {
    $options[] = "<option value=\"" . $row['id'] . "\" selected=\"selected\">" . $topics . "</option>";
} else {
    $options[] = "<option value=\"" . $row['id'] . "\">" . $topics . "</option>";
}
}

$foundlanguages = array();
// Prepared once and executed per language; bound parameters, filtered by `resellerID`.
$query = $sql->prepare("SELECT `text`,`lang` FROM `translations` WHERE `type`='ti' AND `transID`=? AND `lang`=? AND `resellerID`=? LIMIT 1");
foreach (getlanguages($template_to_use) as $langrow2) {
    // Reset per language so isset($lang) below reflects only this iteration.
    unset($lang);
    $subject = '';
    $query->execute(array($id, $langrow2, $resellerLockupID));
    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
        $lang = $row['lang'];
        $subject = $row['text'];
    }
    // A translation exists: show the text field and tick the checkbox; otherwise hide it.
    // NOTE(review): $langrow2 is placed in an attribute value and inside a JavaScript string literal.
    // That is safe only while getlanguages() returns values from a fixed character set
    // (presumably short language codes) — confirm.
    if (isset($lang)) {
        $style = '';
        $checked = 'checked';
        $checkbox = "<input type=\"checkbox\" name=\"language[]\" value=\"{$langrow2}\" onclick=\"textdrop('{$langrow2}');\" checked /> ";
    } else {
        $style = 'display_none';
        $checked = '';
        $checkbox = "<input type=\"checkbox\" name=\"language[]\" value=\"{$langrow2}\" onclick=\"textdrop('{$langrow2}');\" /> ";
// NOTE(review): fragment; the two closing braces end blocks opened outside this view,
// and the code is cut off inside the d=ad branch at the end.
}
}

// Account type of the logged-in admin, looked up by id with a bound parameter.
$query = $sql->prepare("SELECT `accounttype` FROM `userdata` WHERE `id`=? LIMIT 1");
$query->execute(array($admin_id));
$userAccounttype = $query->fetchColumn();

// CSRF protection with hidden tokens. If token(true) returns false, we likely have an attack.
// The check runs only when an 'action' value was posted.
if ($ui->w('action', 4, 'post') and !token(true)) {

    unset($header, $text);
    $errors = array($spracheResponse->token);
    $template_file = $ui->st('d', 'get') == 'ad' ? 'admin_user_add.tpl' : 'admin_user_md.tpl';

// Add and modify entries. Same validation can be used.
} else {

    // Authorization gate. In PHP `and` binds tighter than `or`, so the three groups read as:
    //   1. d=ad, OR (d=md AND (the target is not the admin's own account OR $reseller_id is 0))
    //   2. $pa['user'] OR $pa['user_users']
    //   3. ($accountType is 'a' AND $pa['user'])
    //      OR ($accountType is not 'a' AND ($pa['user'] OR $pa['user_users']))
    // The own-account restriction therefore applies to modify only.
    // NOTE(review): the condition reads $accountType, while the query above fills $userAccounttype.
    // $accountType is set outside this view; confirm it is the intended variable and cannot be
    // influenced by the request before this check.
    if (($ui->st('d', 'get') == 'ad' or $ui->st('d', 'get') == 'md' and ($id != $admin_id or $reseller_id == 0)) and ($pa['user'] or $pa['user_users']) and ($accountType == 'a' and $pa['user'] or $accountType != 'a' and ($pa['user'] or $pa['user_users']))) {

        // Error handling. Check if required attributes are set and can be validated
        $errors = array();

        $selectlanguages = getlanguages($template_to_use);

        // Active groups of this reseller, keyed by group type and then by group id.
        $groups = array('a' => array(), 'r' => array(), 'u' => array());
        $defaultGroups = array();

        $query = $sql->prepare("SELECT `id`,`grouptype`,`name`,`defaultgroup` FROM `usergroups` WHERE `active`='Y' AND `resellerid`=?");
        $query->execute(array($resellerLockupID));
        while ($row = $query->fetch(PDO::FETCH_ASSOC)) {

            // Default groups are listed in $defaultGroups as well as in $groups.
            if ($row['defaultgroup'] == 'Y') {
                $defaultGroups[$row['grouptype']][$row['id']] = $row['name'];
            }

            $groups[$row['grouptype']][$row['id']] = $row['name'];
        }

        // Add or mod is opened (no 'action' value was posted)
        if (!$ui->smallletters('action', 2, 'post')) {

            // Gather data for adding if needed and define add template
            if ($ui->st('d', 'get') == 'ad') {

                $template_file = 'admin_user_add.tpl';
// NOTE(review): fragment; the leading else and the last two closing braces belong to
// blocks opened outside this view, so the conditions guarding them are not visible.
} else {
    // Removes every imprint row of this reseller (bound parameter, filtered by `resellerid`).
    // NOTE(review): this is a state change; confirm the enclosing branch is reached only
    // after the form token has been validated.
    $query = $sql->prepare("DELETE FROM `imprints` WHERE `resellerid`=?");
    $query->execute(array($reseller_id));
    if ($query->rowCount() > 0) {
        $changed = true;
    }
}
// $changed is set only when a statement affected at least one row.
if (isset($changed)) {
    // Write the action log entry; $insertlog is prepared outside this view and
    // presumably reads $loguseraction through a bound variable — confirm.
    $loguseraction = "%mod% %settings% %imprint%";
    $insertlog->execute();
    $template_file = $spracheResponse->table_add;
} else {
    $template_file = $spracheResponse->error_table;
}
} else {
    // Display path: collect the imprint text per language for the settings form.
    $foundLanguages = array();
    $query = $sql->prepare("SELECT `template` FROM `settings` WHERE `resellerid`=? LIMIT 1");
    $query->execute(array($reseller_id));
    $template_choosen = $query->fetchColumn();
    // NOTE(review): PDOStatement::rowCount() is not guaranteed to return the number of rows of a
    // SELECT on every driver; this check and the 'style' value below depend on the driver in use.
    if ($query->rowCount() > 0) {
        foreach (getlanguages($template_choosen) as $langrow) {
            // $query is reused here; the settings result above has already been read.
            $query = $sql->prepare("SELECT `imprint` FROM `imprints` WHERE `language`=? AND `resellerid`=? LIMIT 1");
            $query->execute(array($langrow, $reseller_id));
            // 'imprint' is false when no row exists (fetchColumn()); 'style' carries the row count.
            $foundLanguages[] = array('lang' => $langrow, 'imprint' => $query->fetchColumn(), 'style' => $query->rowCount());
        }
        $template_file = 'admin_settings_imprint.tpl';
    } else {
        // No settings row for this reseller.
        $template_file = 'admin_404.tpl';
    }
}
}
// NOTE(review): fragment; the leading brace closes a block opened outside this view
// and the if block at the end is not closed here.
}

// One list per mail template type; each list receives one entry per available language.
$emailbackup_xml = array();
$emailbackuprestore_xml = array();
$emaildown_xml = array();
$emaildownrestart_xml = array();
$emailgserverupdate_xml = array();
$emailpwrecovery_xml = array();
$emailsecuritybreach_xml = array();
$emailserverinstall_xml = array();
$emailnewticket_xml = array();
$emailuseradd_xml = array();
$emailvinstall_xml = array();
$emailvoicemasterold_xml = array();
$emailvrescue_xml = array();

if (isset($template_to_use)) {
    foreach (getlanguages($template_to_use) as $row) {
        // getMailXML() is defined elsewhere; it is called with the template name and the language.
        $emailbackup_xml[] = getMailXML('emailbackup', $row);
        $emailbackuprestore_xml[] = getMailXML('emailbackuprestore', $row);
        $emaildown_xml[] = getMailXML('emaildown', $row);
        $emaildownrestart_xml[] = getMailXML('emaildownrestart', $row);
        $emailgserverupdate_xml[] = getMailXML('emailgserverupdate', $row);
        $emailpwrecovery_xml[] = getMailXML('emailpwrecovery', $row);
        $emailsecuritybreach_xml[] = getMailXML('emailsecuritybreach', $row);
        $emailserverinstall_xml[] = getMailXML('emailserverinstall', $row);
        $emailnewticket_xml[] = getMailXML('emailnewticket', $row);
        $emailuseradd_xml[] = getMailXML('emailuseradd', $row);
        $emailvinstall_xml[] = getMailXML('emailvinstall', $row);
        $emailvrescue_xml[] = getMailXML('emailvrescue', $row);
        $emailvoicemasterold_xml[] = getMailXML('emailvoicemasterold', $row);
        // NOTE(review): $emailregister_xml has no `= array()` initialisation in the list above.
        // Unless it is defined before this fragment, it stays undefined when $template_to_use
        // is unset or no language is returned.
        $emailregister_xml[] = getMailXML('emailregister', $row);
    }
// NOTE(review): fragment; $dir and the block closed by the third brace are defined outside
// this view, and the while loop at the end is cut off.
$dirs = scandir($dir);
foreach ($dirs as $row) {
    // Keep sub-directories of 'template/' whose name does not start with a dot
    // (this skips '.', '..' and hidden entries).
    // NOTE(review): the is_dir() test uses the relative path 'template/', not $dir;
    // both presumably point to the same directory — confirm.
    if (is_dir('template/' . $row) and !preg_match('/^\\.(.*)$/', $row)) {
        $templates[] = $row;
    }
}
}

// Load the settings row of this reseller (bound parameter) and copy its columns into local
// variables. $row is reused here; the directory loop above has finished.
$query = $sql->prepare("SELECT * FROM `settings` WHERE `resellerid`=? LIMIT 1");
$query->execute(array($reseller_id));
while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
    // NOTE(review): these values are copied unmodified; any HTML encoding has to happen
    // where they are written into the page.
    $headerIcon = $row['header_icon'];
    $headerText = $row['header_text'];
    $headerHref = $row['header_href'];
    $language_choosen = $row['language'];
    $template_choosen = $row['template'];
    // Languages available for the stored template.
    $selectlanguages = getlanguages($template_choosen);
    $imageserver = $row['imageserver'];
    $master = $row['master'];
    $cronjobIPs = $row['cronjob_ips'];
    $prefix1 = $row['prefix1'];
    $prefix2 = $row['prefix2'];
    $brandname = $row['brandname'];
    $faillogins = $row['faillogins'];
    $supportnumber = $row['supportnumber'];
    $timezone = $row['timezone'];
    $noservertag = $row['noservertag'];
    $nopassword = $row['nopassword'];
    $tohighslots = $row['tohighslots'];
    $voice_autobackup = $row['voice_autobackup'];
    $voice_autobackup_intervall = $row['voice_autobackup_intervall'];
    $voice_maxbackup = $row['voice_maxbackup'];