Esempio n. 1
 }
 //**************************************************************************
 // include config.php
 //**************************************************************************
 // $config_path is set outside this excerpt; it selects the file that gets
 // included, so it has to come from the installation itself, never from
 // request input (NOTE(review): confirm where the caller derives it from)
 require_once $config_path . '/config.php';
 //**************************************************************************
 // analyze path to auto-protect backend
 //**************************************************************************
 if (!defined('CAT_LOGIN_PHASE')) {
     $path = isset($_SERVER['SCRIPT_FILENAME']) ? CAT_Helper_Directory::sanitizePath($_SERVER['SCRIPT_FILENAME']) : NULL;
     if ($path) {
         $check = str_replace('/', '\\/', CAT_Helper_Directory::sanitizePath(CAT_ADMIN_PATH));
         if (preg_match('~^' . $check . '~i', $path)) {
             define('CAT_REQUIRE_ADMIN', true);
             if (!CAT_Users::getInstance()->is_authenticated()) {
                 CAT_Users::getInstance()->handleLogin();
                 exit(0);
             }
             // always enable CSRF protection in backend; does not work with
             // AJAX so scripts called via AJAX should set this constant
             if (!defined('CAT_AJAX_CALL')) {
                 //echo "class.secure is calling enableCSRFMagic<br />";
                 CAT_Helper_Protect::getInstance()->enableCSRFMagic();
             }
             global $parser;
             if (!is_object($parser)) {
                 $parser = CAT_Helper_Template::getInstance('Dwoo');
             }
             // initialize template search path
             $parser->setPath(CAT_THEME_PATH . '/templates');
             $parser->setFallbackPath(CAT_THEME_PATH . '/templates');
Esempio n. 2
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
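include 'functions.php';
header('Content-type: application/json');
// ===============
// ! check perms
// ===============
$users = CAT_Users::getInstance();
// The original test was `!checkPermission(...) == true`; `!` binds tighter than
// `==`, so it already meant "no permission" -- written plainly here.
// $backend is expected to have been set up earlier in this file (not visible here).
if (!$users->checkPermission('pages', 'pages_settings', false)) {
    $ajax = array('message' => $backend->lang()->translate('You do not have the permission to do this.'), 'success' => false);
    print json_encode($ajax);
    exit;
}
// ===============
// ! Get page id
// ===============
$val = CAT_Helper_Validate::getInstance();
$page_id = $val->get('_REQUEST', 'page_id', 'numeric');
// empty, missing and 0 are all invalid page ids; the falsy test is the same
// guard the other page scripts in this file use (`if (!$page_id)`) and does not
// depend on the PHP-version-specific result of `0 == ''`
if (!$page_id) {
    $ajax = array('message' => $backend->lang()->translate('Invalid data!'), 'success' => false);
    print json_encode($ajax);
    exit;
}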
Esempio n. 3
// nothing to edit without a page id -> back to the overview
if (!$page_id) {
    header("Location: index.php");
    exit(0);
}
// =============
// ! Get perms
// =============
// page-level admin permission is required on top of the module permission;
// print_error() is expected to end the request (its contract is not visible here)
if (CAT_Helper_Page::getPagePermission($page_id, 'admin') !== true) {
    $backend->print_error('You do not have permissions to modify this page!');
}
// =================
// ! Get new content
// =================
$content = $val->sanitizePost('content' . $section_id);
$is_group_one_member = CAT_Users::getInstance()->ami_group_member(1);
if ($is_group_one_member) {
    // members of group 1 get their markup stored without purification
    $content = $val->add_slashes($content);
} else {
    // everyone else is run through HTMLPurifier when the module setting is on
    $sql = 'SELECT * FROM `' . CAT_TABLE_PREFIX . 'mod_wysiwyg_admin_v2` WHERE set_name="enable_htmlpurifier" AND set_value="1"';
    $purifier_enabled = $backend->db()->get_one($sql);
    if ($purifier_enabled) {
        $content = CAT_Helper_Protect::getInstance()->purify($content, array('Core.CollectErrors' => true));
    }
}
// plain-text copy of the content (tags stripped, umlauts as entities);
// this is what the search index works on
$text = umlauts_to_entities(strip_tags($content), strtoupper(DEFAULT_CHARSET), 0);
/**
 *  save
Esempio n. 4
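/**
 * if auth_max_login_length is changed, there must not be any users that have
 * longer names
 *
 * Settings hook: accepts the proposed maximum login-name length only when no
 * stored user name is already longer than it; otherwise keeps the old value
 * and queues a translated error message in the global $err_msg list.
 *
 * @param  mixed $value    proposed maximum length; forced to int before it is used in SQL
 * @param  mixed $oldvalue currently stored maximum, returned when the new one is rejected
 * @return mixed $value if it may be saved, otherwise $oldvalue
 **/
function check_auth_max_login_length($value, $oldvalue)
{
    global $database, $err_msg;
    // the limit is forced to an integer before it reaches the query (%d would
    // do the same; the explicit cast makes the intent visible)
    $limit = (int) $value;
    $result = $database->query(sprintf('select count(*) as cnt from `%susers` where char_length(username)>%d', CAT_TABLE_PREFIX, $limit));
    // fail closed: if the check itself could not run, keep the current limit
    // rather than calling numRows() on a failed result
    if (!$result) {
        return $oldvalue;
    }
    if ($result->numRows()) {
        $row = $result->fetchRow(MYSQL_ASSOC);
        if ($row['cnt'] > 0) {
            $err_msg[] = CAT_Users::getInstance()->lang()->translate('The max. Login name length could not be saved. There is/are {{ count }} user/s that have longer names.', array('count' => $row['cnt']));
            return $oldvalue;
        }
    }
    return $value;
}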
Esempio n. 5
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
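// this one is only used for the frontend!
if (!FRONTEND_LOGIN) {
    // no frontend login, no preferences: send the visitor back to the site
    // (index.php lives below PAGES_DIRECTORY when an intro page is configured).
    // header() returns nothing, so the former die(header(...)) only worked by
    // accident; the redirect and the exit are now two explicit steps.
    header('Location: ' . CAT_URL . (INTRO_PAGE ? PAGES_DIRECTORY : '') . '/index.php');
    exit;
}
// check if user is authenticated
if (CAT_Users::getInstance()->is_authenticated() === false) {
    // stop right after the redirect so nothing below (the preferences page)
    // is emitted to an anonymous visitor
    header('Location: ' . CAT_URL . '/account/login.php');
    exit;
}
CAT_Helper_Page::getVirtualPage('Preferences');
/**
 *	Set the page content include file
 */
define('PAGE_CONTENT', CAT_PATH . '/account/preferences_form.php');
/**
 *	Include the index (wrapper) file
 */
require CAT_PATH . '/index.php';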
Esempio n. 6
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$print_info_banner = true;
// backend bootstrap for the pages/pages_modify section; presumably this is
// where the section permission is enforced -- confirm in CAT_Backend::getInstance
$backend = CAT_Backend::getInstance('pages', 'pages_modify');
$_bc_user = CAT_Users::getInstance();
$_bc_val = CAT_Helper_Validate::getInstance();
// page id may arrive via GET or POST; 'numeric' is the validator's filter name
// (presumably rejects non-numeric input -- confirm in CAT_Helper_Validate::get)
$page_id = $_bc_val->get('_REQUEST', 'page_id', 'numeric');
// for backward compatibility
include CAT_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_modify');
// no usable page id -> back to the page overview
if (!$page_id) {
    header("Location: index.php");
    exit(0);
}
// always enable CSRF protection in backend; does not work with
// AJAX so scripts called via AJAX should set this constant
if (!defined('CAT_AJAX_CALL')) {
    CAT_Helper_Protect::getInstance()->enableCSRFMagic();
}
// section id goes through the same numeric filter as the page id
$section_id = $_bc_val->get('_REQUEST', 'section_id', 'numeric');
Esempio n. 7
 *
 */
// load class.secure.php: directly via CAT_PATH when it is known, otherwise by
// climbing up to ten directory levels from the current script
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    for ($root = "../", $level = 1; $level < 10 && !file_exists($root . '/framework/class.secure.php'); $level++) {
        $root .= "../";
    }
    if (!file_exists($root . '/framework/class.secure.php')) {
        // E_USER_ERROR stops the script here
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    } else {
        include $root . '/framework/class.secure.php';
    }
}
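$username_fieldname = 'username';
$password_fieldname = 'password';
// handleLogin(false) appears to hand the redirect target back to this script
// instead of redirecting itself (its contract is not visible here)
$redirect = CAT_Users::getInstance()->handleLogin(false);
$error = CAT_Users::getInstance()->loginError();
if ($redirect) {
    // stop after the redirect: without exit the login form below would still be
    // rendered into a response that already carries a Location header
    header('Location: ' . $redirect);
    exit;
}
// GET wins over POST; $val is expected to be set up earlier in this file.
// NOTE(review): 'redirect' is request-controlled and is passed to the template
// unvalidated; whatever later consumes it (presumably handleLogin) should accept
// only targets on this site, e.g. a path below CAT_URL -- confirm there.
$redirect_from_get = $val->sanitizeGet('redirect');
$redirect_url = $redirect_from_get != '' ? $redirect_from_get : $val->sanitizePost('redirect');
global $parser;
$parser->setPath(CAT_PATH . '/templates/' . DEFAULT_TEMPLATE . '/templates/' . CAT_Registry::get('DEFAULT_THEME_VARIANT'));
// if there's a template for this in the current frontend template
$parser->setFallbackPath(dirname(__FILE__) . '/templates/default');
// fallback to default dir
$parser->output('account_login_form', array('message' => $error, 'username_fieldname' => $username_fieldname, 'password_fieldname' => $password_fieldname, 'redirect_url' => $redirect_url ? $redirect_url : ''));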
Esempio n. 8
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
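ob_start();
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
// charset is a media-type parameter: "charset=utf-8"; the former
// "charset:utf-8;" was not a valid parameter and browsers ignored it
header("Content-Type: text/html; charset=utf-8");
$backend = CAT_Backend::getInstance('Settings', 'settings_basic');
// group id 1 is treated as the admin group here (same convention as
// ami_group_member(1) elsewhere in this file); the non-strict in_array is
// kept on purpose because the ids may come back from the database as strings
$curr_user_is_admin = in_array(1, CAT_Users::getInstance()->get_groups_id());
if (!$curr_user_is_admin) {
    echo "<div style='border: 2px solid #CC0000; padding: 5px; text-align: center; background-color: #ffbaba;'>You're not allowed to use this function!</div>";
    exit;
}
$settings = array();
// the stored GUID, if any; $row stays an empty array when the query fails so
// the isset() checks that follow behave the same on both paths
$sql = 'SELECT * FROM `' . CAT_TABLE_PREFIX . 'settings` WHERE name="guid"';
$row = array();
if ($res = $backend->db()->query($sql)) {
    $row = $res->fetchRow(MYSQL_ASSOC);
}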
if (!isset($row['value']) || $row['value'] == '') {
    @(require_once CAT_PATH . '/framework/CAT/Object.php');
    $guid = CAT_Object::createGUID();
    $row['setting_id'] = isset($row['setting_id']) ? $row['setting_id'] : NULL;
    $backend->db()->query('REPLACE INTO `' . CAT_TABLE_PREFIX . 'settings` VALUES("' . $row['setting_id'] . '", "guid", "' . $guid . '")');
} else {
Esempio n. 9
 *   @package         CAT_Core
 *
 */
// mark this request as the login phase before class.secure.php runs, so the
// backend auto-protection there does not redirect us to the login page again
define('CAT_LOGIN_PHASE', 1);
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    // walk upwards (at most ten levels) until the framework directory is found
    for ($root = "../", $level = 1; $level < 10 && !file_exists($root . '/framework/class.secure.php'); $level++) {
        $root .= "../";
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$attempts = CAT_Helper_Validate::getInstance()->fromSession('ATTEMPTS');
if ($attempts > MAX_ATTEMPTS) {
    // too many failed logins in this session: point the client at the static warning page
    $redirect = CAT_URL . '/templates/' . DEFAULT_THEME . '/templates/warning.html';
    $ajax = array('url' => $redirect, 'success' => true, 'message' => NULL);
} else {
    // CSRF magic is not enabled for this endpoint (the original had the
    // enableCSRFMagic() call commented out); the session attempt counter
    // above is the only throttle visible here
    $users = CAT_Users::getInstance();
    $redirect = $users->handleLogin();
    $error = $users->loginError();
    // report the login error only when there is no redirect or an error was recorded
    $message = NULL;
    if ($redirect === false || $error) {
        $message = $error;
    }
    $ajax = array('url' => $redirect, 'success' => $users->is_authenticated(), 'message' => $message);
}
header('Content-type: application/json');
print json_encode($ajax);
exit;
Esempio n. 10
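 /**
  * identify the page to show
  *
  * Resolution order: the maintenance page (non-root users while the system is
  * in maintenance mode), then the intro page (unless $no_intro is set or a
  * numeric page id is already known), then a short-URL lookup or the default page.
  *
  * @access public
  * @param  boolean  $no_intro  skip the intro page even if INTRO_PAGE is set
  * @return boolean|mixed  false after the intro page was emitted, otherwise the resolved page id
  **/
 public static function selectPage($no_intro = false)
 {
     global $page_id;
     // may be set by accessor file
     // check if the system is in maintenance mode
     if (self::isMaintenance()) {
         // admin can still see any page
         if (!CAT_Users::getInstance()->is_root()) {
             if (!CAT_Registry::exists('MAINTENANCE_PAGE')) {
                 $result = CAT_Registry::getInstance()->db()->query('SELECT `value` FROM `:prefix:settings` WHERE `name`="maintenance_page"');
                 // the result is an object (it offers rowCount()/fetch()), so the
                 // former is_resource() test could never be true and the registry
                 // entry was never filled from the database
                 if ($result && $result->rowCount() == 1) {
                     $row = $result->fetch();
                     // the SELECT above returns only the `value` column
                     CAT_Registry::register('MAINTENANCE_PAGE', $row['value'], true);
                 }
             }
             // assumes CAT_Registry::register(..., true) also defines the constant -- confirm
             $page_id = MAINTENANCE_PAGE;
         }
     }
     // check if intro page to show
     if (INTRO_PAGE && !$no_intro && (!isset($page_id) || !is_numeric($page_id))) {
         // Get intro page content
         $filename = CAT_PATH . PAGES_DIRECTORY . '/intro' . PAGE_EXTENSION;
         if (file_exists($filename)) {
             // read without @-suppression; an unreadable file yields '' so the
             // redirect below still happens, as it did before
             $content = file_get_contents($filename);
             if ($content === false) {
                 $content = '';
             }
             CAT_Helper_Page::preprocess($content);
             header("Location: " . CAT_URL . PAGES_DIRECTORY . "/intro" . PAGE_EXTENSION . "");
             // send intro.php as header to allow parsing of php statements
             echo $content;
             return false;
         }
     }
     // search
     if (!$page_id) {
         if (CAT_Registry::get('USE_SHORT_URLS') && isset($_SERVER['REDIRECT_QUERY_STRING'])) {
             // REDIRECT_QUERY_STRING is request-controlled; getPageByPath is
             // expected to use it for a lookup only (confirm it never touches the filesystem)
             $page_id = CAT_Helper_Page::getPageByPath('/' . $_SERVER['REDIRECT_QUERY_STRING']);
         } else {
             $page_id = self::getDefaultPage();
         }
     }
     if (!defined('PAGE_ID')) {
         define('PAGE_ID', $page_id);
     }
     return $page_id;
 }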
Esempio n. 11
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
header('Content-type: application/json');
$backend = CAT_Backend::getInstance('admintools', 'blackcatFilter', false, false);
$val = CAT_Helper_Validate::getInstance();
$error = NULL;
// permission gate: everything below is reachable only with the blackcatFilter permission
if (!CAT_Users::getInstance()->checkPermission('admintools', 'blackcatFilter')) {
    $ajax = array('message' => $backend->lang()->translate('You do not have permissions to modify this page'), 'success' => false);
    print json_encode($ajax);
    exit;
}
// NOTE(review): $filter is read without a type filter and is later interpolated
// into the UPDATE/SELECT statements through sprintf('%s') (see the queries that
// follow); it should be escaped by the db layer or restricted to the known
// filter names before it is used there
$filter = $val->get('_REQUEST', 'filter');
// action: 'activate', 'delete' or anything else (treated as deactivate below)
$action = $val->get('_REQUEST', 'action');
// filter to activate/deactivate?
if ($action != 'delete') {
    $value = $action == 'activate' ? 'Y' : 'N';
    $backend->db()->query(sprintf("UPDATE `%smod_filter` SET filter_active='%s' WHERE filter_name='%s'", CAT_TABLE_PREFIX, $value, $filter));
    if ($backend->db()->isError()) {
        $error = $backend->db()->getError();
    }
} else {
    $res = $backend->db()->query(sprintf("SELECT * FROM `%smod_filter` WHERE filter_name='%s'", CAT_TABLE_PREFIX, $filter));
Esempio n. 12
0
 /**
  *  Print the admin header
  *
  *  Collects everything the 'header' template needs into $tpl_data (the
  *  current user's page permissions, the page tree and add-page form data,
  *  meta data, the main menu and the preferences button) and renders it
  *  through the global $parser.
  *
  *  @access public
  *  @return void
  */
 public function print_header()
 {
     global $parser;
     $tpl_data = array();
     $addons = CAT_Helper_Addons::getInstance();
     $user = CAT_Users::getInstance();
     // Connect to database and get website title
     if (!CAT_Registry::exists('WEBSITE_TITLE')) {
         $title = $this->db()->query("SELECT `value` FROM `:prefix:settings` WHERE `name`='website_title'")->fetchColumn();
         CAT_Registry::define('WEBSITE_TITLE', $title, true);
     }
     // check current URL for page tree
     // (used further down to decide whether tree links open lang_settings or modify)
     $uri = CAT_Helper_Validate::get('_SERVER', 'SCRIPT_NAME');
     // init template search paths
     self::initPaths();
     // =================================
     // ! Add permissions to $tpl_data
     // =================================
     $tpl_data['permission']['pages'] = $user->checkPermission('pages', 'pages', false);
     $tpl_data['permission']['pages_add'] = $user->checkPermission('pages', 'pages_add', false);
     $tpl_data['permission']['pages_add_l0'] = $user->checkPermission('pages', 'pages_add_l0', false);
     $tpl_data['permission']['pages_modify'] = $user->checkPermission('pages', 'pages_modify', false);
     $tpl_data['permission']['pages_delete'] = $user->checkPermission('pages', 'pages_delete', false);
     $tpl_data['permission']['pages_settings'] = $user->checkPermission('pages', 'pages_settings', false);
     // `!=` and `||` bind tighter than `?:`, so this reads: no intro permission
     // or intro pages disabled -> false, otherwise true
     $tpl_data['permission']['pages_intro'] = $user->checkPermission('pages', 'pages_intro', false) != true || INTRO_PAGE != 'enabled' ? false : true;
     if ($tpl_data['permission']['pages'] == true) {
         $tpl_data['DISPLAY_MENU_LIST'] = CAT_Registry::get('MULTIPLE_MENUS') != false ? true : false;
         $tpl_data['DISPLAY_LANGUAGE_LIST'] = CAT_Registry::get('PAGE_LANGUAGES') != false ? true : false;
         $tpl_data['DISPLAY_SEARCHING'] = CAT_Registry::get('SEARCH') != false ? true : false;
         // ==========================
         // ! Get info for pagesTree
         // ==========================
         $pages = CAT_Helper_Page::getPages(true);
         $sections = CAT_Helper_Page::getSections();
         // create LI content for ListBuilder
         foreach ($pages as $i => $page) {
             // the tree item's title doubles as a tooltip listing the page's sections
             if (isset($sections[$page['page_id']]) && count($sections[$page['page_id']])) {
                 $page['page_title'] .= "\n" . count($sections[$page['page_id']]) . ' ' . $user->lang()->translate('active sections') . ':';
                 foreach ($sections[$page['page_id']] as $block_id => $section) {
                     foreach ($section as $item) {
                         $page['page_title'] .= "\n" . $item['module'] . ' (ID:' . $item['section_id'] . ')';
                     }
                 }
             }
             // $page is a copy; only the rendered markup is written back to $pages
             $text = $parser->get('backend_pagetree_item', array_merge($page, array('action' => pathinfo($uri, PATHINFO_FILENAME) == 'lang_settings' ? 'lang_settings' : 'modify')));
             $pages[$i]['text'] = $text;
         }
         // list of first level of pages
         $tpl_data['pages'] = CAT_Helper_ListBuilder::getInstance()->config(array('__li_level_css' => true, '__li_id_prefix' => 'pageid_', '__li_css_prefix' => 'fc_page_', '__li_has_child_class' => 'fc_expandable', '__is_open_key' => 'be_tree_is_open', '__li_is_open_class' => 'fc_tree_open', '__li_is_closed_class' => 'fc_tree_close', '__title_key' => 'text'))->tree($pages, 0);
         // number of editable pages (for current user)
         $tpl_data['pages_editable'] = CAT_Helper_Page::getEditable();
         // ==========================================
         // ! Get info for the form to add new pages
         // ==========================================
         $tpl_data['templates'] = $addons->get_addons(CAT_Registry::get('DEFAULT_TEMPLATE'), 'template', 'template');
         $tpl_data['languages'] = $addons->get_addons(CAT_Registry::get('DEFAULT_LANGUAGE'), 'language');
         $tpl_data['modules'] = $addons->get_addons('wysiwyg', 'module', 'page');
         $tpl_data['groups'] = $user->get_groups();
         // ===========================================
         // ! Check and set permissions for templates
         // ===========================================
         foreach ($tpl_data['templates'] as $key => $template) {
             $tpl_data['templates'][$key]['permissions'] = $user->get_permission($template['VALUE'], 'template') ? true : false;
         }
     }
     // =========================
     // ! Add Metadatas to Dwoo
     // =========================
     $tpl_data['META']['CHARSET'] = true === defined('DEFAULT_CHARSET') ? DEFAULT_CHARSET : 'utf-8';
     $tpl_data['META']['LANGUAGE'] = strtolower(CAT_Registry::get('LANGUAGE'));
     $tpl_data['META']['WEBSITE_TITLE'] = WEBSITE_TITLE;
     $tpl_data['CAT_VERSION'] = CAT_Registry::get('CAT_VERSION');
     $tpl_data['CAT_CORE'] = CAT_Registry::get('CAT_CORE');
     $tpl_data['PAGE_EXTENSION'] = CAT_Registry::get('PAGE_EXTENSION');
     // translate the PHP date()/time format letters into the tokens the
     // frontend date picker understands (plain character replacement)
     $date_search = array('Y', 'j', 'n', 'jS', 'l', 'F');
     $date_replace = array('yy', 'y', 'm', 'd', 'DD', 'MM');
     $tpl_data['DATE_FORMAT'] = str_replace($date_search, $date_replace, CAT_Registry::get('CAT_DATE_FORMAT'));
     $time_search = array('H', 'i', 's', 'g');
     $time_replace = array('hh', 'mm', 'ss', 'h');
     $tpl_data['TIME_FORMAT'] = str_replace($time_search, $time_replace, CAT_Registry::get('TIME_FORMAT'));
     $tpl_data['SESSION'] = session_name();
     $tpl_data['HEAD']['SECTION_NAME'] = $this->lang()->translate(strtoupper(self::$instance->section_name));
     $tpl_data['DISPLAY_NAME'] = $user->get_display_name();
     $tpl_data['USER'] = $user->get_user_details($user->get_user_id());
     // ===================================================================
     // ! Add arrays for main menu, options menu and the Preferences-Button
     // ===================================================================
     // each entry: link, translated title, permission name, whether the current
     // user may see it, and whether it is the active section
     $tpl_data['MAIN_MENU'] = array();
     $tpl_data['MAIN_MENU'][0] = array('link' => CAT_ADMIN_URL . '/start/index.php', 'title' => $this->lang()->translate('Start'), 'permission_title' => 'start', 'permission' => $user->checkPermission('start', 'start') ? true : false, 'current' => 'start' == strtolower($this->section_name) ? true : false);
     $tpl_data['MAIN_MENU'][1] = array('link' => CAT_ADMIN_URL . '/media/index.php', 'title' => $this->lang()->translate('Media'), 'permission_title' => 'media', 'permission' => $user->checkPermission('media', 'media') ? true : false, 'current' => 'media' == strtolower($this->section_name) ? true : false);
     $tpl_data['MAIN_MENU'][2] = array('link' => CAT_ADMIN_URL . '/settings/index.php', 'title' => $this->lang()->translate('Settings'), 'permission_title' => 'settings', 'permission' => $user->checkPermission('settings', 'settings') ? true : false, 'current' => 'settings' == strtolower($this->section_name) ? true : false);
     $tpl_data['MAIN_MENU'][3] = array('link' => CAT_ADMIN_URL . '/addons/index.php', 'title' => $this->lang()->translate('Addons'), 'permission_title' => 'addons', 'permission' => $user->checkPermission('addons', 'addons') ? true : false, 'current' => 'addons' == strtolower($this->section_name) ? true : false);
     $tpl_data['MAIN_MENU'][4] = array('link' => CAT_ADMIN_URL . '/admintools/index.php', 'title' => $this->lang()->translate('Admin-Tools'), 'permission_title' => 'admintools', 'permission' => $user->checkPermission('admintools', 'admintools') ? true : false, 'current' => 'admintools' == strtolower($this->section_name) ? true : false);
     $tpl_data['MAIN_MENU'][5] = array('link' => CAT_ADMIN_URL . '/users/index.php', 'title' => $this->lang()->translate('Access'), 'permission_title' => 'access', 'permission' => $user->checkPermission('access', 'access') ? true : false, 'current' => 'access' == strtolower($this->section_name) ? true : false);
     // =======================================
     // ! Seperate access-link by permissions
     // =======================================
     // the "Access" entry points at users when allowed, else at groups;
     // without either permission the users link from above is kept
     if ($user->get_permission('users')) {
         $tpl_data['MAIN_MENU'][5]['link'] = CAT_ADMIN_URL . '/users/index.php';
     } elseif ($user->get_permission('groups')) {
         $tpl_data['MAIN_MENU'][5]['link'] = CAT_ADMIN_URL . '/groups/index.php';
     }
     $tpl_data['PREFERENCES'] = array('link' => CAT_ADMIN_URL . '/preferences/index.php', 'title' => $this->lang()->translate('Preferences'), 'permission_title' => 'preferences', 'permission' => $this->get_link_permission('preferences') ? true : false, 'current' => 'preferences' == strtolower($this->section_name) ? true : false);
     $tpl_data['section_name'] = strtolower($this->section_name);
     // GET wins over POST. NOTE(review): the 'numeric' filter is applied only to
     // the existence test; the value handed to the template is re-read without
     // it -- presumably sanitizeGet()/sanitizePost() return it unchanged, confirm
     $tpl_data['page_id'] = CAT_Helper_Validate::sanitizeGet('page_id', 'numeric') && CAT_Helper_Validate::sanitizeGet('page_id') != '' ? CAT_Helper_Validate::sanitizeGet('page_id') : (CAT_Helper_Validate::sanitizePost('page_id', 'numeric') && CAT_Helper_Validate::sanitizePost('page_id') != '' ? CAT_Helper_Validate::sanitizePost('page_id') : false);
     // ====================
     // ! Parse the header
     // ====================
     $parser->output('header', $tpl_data);
 }