Esempio n. 1
<?php

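/// guard: this file is meant to be included by the admin index (which presumably sets $_index_rights) ///
if (!isset($_index_rights)) {
    header("Location: " . getUrl() . "admin");
    /// header() only queues the redirect; without exit the add_user handling below would still run for a direct request ///
    exit;
}
$Logs = new cLogs("adduser.php");
$Logs->on();
/// message buffers the view prints after processing ///
$aErrors = array();
$aAlerts = array();
global $DB;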
if (isset($_POST['add_user'])) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    $Check->check('name', 'strlen($test)>0 && strlen($test)<101', 'The name is required with max 100 symbols including whitespaces!');
    $Check->check('surname', 'strlen($test)>0 && strlen($test)<101', 'The surname is required with max 100 symbols including whitespaces!');
    $Check->check('role', 'is_numeric($test)', 'The role is required!');
    /// max. 50 symbols ///
    $loginPat = '/^[a-zA-Z0-9_-]{1,50}$/';
    if ($Check->check('login', 'preg_match("' . $loginPat . '",$test)', 'The login must be without whitespaces and diacritical marks and max. 50 symbols!')) {
        /// check if login already exists ///
        $Check->check('login', '$test==false', 'This login already exists!', admin_userLoginExists($_POST['login']));
    }
    $passwPat = '/^[a-zA-Z0-9_-]{1,50}$/';
    if ($Check->check('password', 'strlen($test)>5 && strlen($test)<51', 'The password must have at least 6 symbols and max. 50, without diacritical marks and whitespaces!', $_POST['passw'])) {
        $Check->check('password', '$test==true', 'Verification of password is not correct!', $_POST['passw'] == $_POST['passw_ver']);
    }
    $Logs->addLog($Check->isValid(), 'add new one valid');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
<?php

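/// guard: this file is meant to be included by the admin index (which presumably sets $_index_rights) ///
if (!isset($_index_rights)) {
    header("Location: " . getUrl() . "admin");
    /// header() only queues the redirect; without exit the add_capab handling below would still run for a direct request ///
    exit;
}
$Logs = new cLogs("addcapability.php");
$Logs->on();
/// message buffers the view prints after processing ///
$aErrors = array();
$aAlerts = array();
global $DB;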
if (isset($_POST['add_capab'])) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    $namePat = '/^[a-zA-Z0-9_-]{1,50}$/';
    if ($Check->check('name', 'preg_match("' . $namePat . '",$test)', 'The NAME must be without whitespaces and diacritical marks and max. 50 symbols!')) {
        $Check->check('name', '$test==false', 'This capability already exists!', admin_capabExists($_POST['name']));
    }
    $Check->check('description', 'strlen($test) > 0 && strlen($test) < 266', 'The description of capability is required with max length 255 symbols!');
    $Logs->addLog($Check->isValid(), 'add new one valid');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
    } else {
        try {
            $aVals = array();
            $aVals[] = array('name', $_POST['name']);
            $aVals[] = array('description', $_POST['description']);
            /// insert values ///
Esempio n. 3
<?php

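/// guard: this file is meant to be included by the admin index (which presumably sets $_index_rights) ///
if (!isset($_index_rights)) {
    header("Location: " . getUrl() . "admin");
    /// header() only queues the redirect; without exit the add_role handling below would still run for a direct request ///
    exit;
}
$Logs = new cLogs("addrole.php");
$Logs->on();
/// message buffers the view prints after processing ///
$aErrors = array();
$aAlerts = array();
global $DB;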
if (isset($_POST['add_role'])) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    /// max. 100 symbols ///
    if ($Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name of role must be max. 100 symbols!')) {
        /// check if name already exists ///
        $Check->check('name', '$test==false', 'The name of role already exists!', admin_roleExists($_POST['name']));
    }
    $Check->check('description', '$test != "" && strlen($test) <= 255', 'Description of role is required; with a maximum length 255!');
    $Check->check('parentid', 'is_numeric($test) || $test=="null"', 'The parent role is in wrong type');
    $Check->check('sort', 'is_numeric($test) || strlen($test)==0', 'The parent role is in wrong type');
    $Logs->addLog($Check->isValid(), 'add new one valid');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
    } else {
        try {
            $aVals = array();
Esempio n. 4
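/**
 * Replaces the contents of core_role_capability with the pairs submitted by the form.
 *
 * Each POST key shaped "caprole_<capabilityId>_<roleId>" yields one (capability, role) row;
 * the POST values themselves are not used here. The existing rows are copied to a backup
 * table, the original is emptied and refilled, and the backup is dropped on success.
 *
 * Side effects: every $_POST value is trimmed (and addslashes()ed when magic quotes are off)
 * in place; rows go through the global $DB; messages are appended to the globals
 * $_aErrors (HTML, one per failure) and $_aAlerts (on success).
 *
 * @return void
 */
function _updateCapabilities()
{
    global $DB;
    global $_aErrors;
    global $_aAlerts;
    $Check = new cCheckForm();
    $table = 'core_role_capability';
    $backup = 'core_role_capability_back';
    $colsToDb = array(array('capability', false), array('role', false));
    $dataToDb = array();
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
        /// the ids travel in the key: "caprole_<capId>_<roleId>"; limit 3 keeps any extra "_" in the third part, which then fails the numeric check ///
        $aDat = explode('_', $k, 3);
        if ($aDat[0] == "caprole" && count($aDat) == 3) {
            /// the 2nd argument is a code-like condition that cCheckForm presumably evaluates with $test bound - keep it a literal, never built from request data ///
            /// NOTE: is_numeric() also accepts floats/exponent forms; if the ids are integer columns, ctype_digit() would be stricter - confirm ///
            $Check->check('cap', 'is_numeric($test)', 'The id of capability is in wrong type', $aDat[1]);
            $Check->check('role', 'is_numeric($test)', 'The id of role is in wrong type', $aDat[2]);
            $dataToDb[] = array($aDat[1], $aDat[2]);
        }
    }
    /// no query is built in this function; declared so the error formatter below receives an explicit null instead of an undefined variable ///
    $query = null;
    try {
        if (!$Check->isValid()) {
            /// $k is the check key ('cap'/'role'), not request data ///
            foreach ($Check->getErrors() as $k => $error) {
                $_aErrors[] = implode("(<strong>{$k}</strong>)<br />", $error['msg']) . "(<strong>{$k}</strong>)";
            }
            throw new cException("Form is not valid!");
        }
        /// make backup of original table ///
        if (!$DB->createCopyOfTable($table, $backup)) {
            throw new cException("Some error during backup operation of old data!");
        }
        /// empty original table; nothing is lost yet, so the backup can go ///
        if (!$DB->truncateTable($table)) {
            $DB->dropTable($backup);
            throw new cException("Some error during truncate operation of old data!");
        }
        /// insert new values; on failure restore from the backup (the restore used to read a misspelled "_bak" table and so never found its source) ///
        if (!$DB->insertMore($table, $colsToDb, $dataToDb)) {
            /// NOTE: assumes createCopyOfTable() can copy into the existing, now-empty original - confirm; the backup table is deliberately kept ///
            $DB->createCopyOfTable($backup, $table);
            throw new cException("Some error during insert operation!");
        }
        /// all rows written: the backup is no longer needed ///
        $DB->dropTable($backup);
        $_aAlerts[] = "Capabilities were updated.";
    } catch (cException $e) {
        $msg = $e->getDbMessageError(__METHOD__ . '(line:' . __LINE__ . ')', $query);
        $_aErrors[] = $msg;
        cLogsDb::addFileLog($msg);
    }
}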
Esempio n. 5
    } else {
        $result = add_insertNewTemplate();
    }
    if ($result) {
        $aAlerts[] = "Template was added.";
    } else {
        $aErrors[] = "Template wasn't added.";
    }
    $Logs->addLog($result, 'new template RESULT');
}
/// POST data to insert new page are sent ///
if (isset($_POST['add_page'])) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    $namePat = '/^([a-z]+[a-z0-9_-]+){1,50}$/';
    $titlePat = '/^([a-z]+[a-z0-9_-]+){1,100}$/';
    /// existing templates wasn't selected ///
    if ($_POST['temp'] == 'null') {
        if ($Check->check('newtemp', 'preg_match("' . $namePat . '",$test)', 'The name of TEMPLATE must be in lowercase letters, starts with a letter and without whitespaces and diacritical marks and max. 50 symbols! (e.g.: newhomepage or new_home-page1')) {
            $Check->check('newtemp', '$test==false', 'The name of TEMPLATES already exists!', admin_tempExists($_POST['newtemp']));
        }
    }
    if ($Check->check('page', 'preg_match("' . $namePat . '",$test)', 'The name of PAGE must be in lowercase letters, starts with a letter and without whitespaces and diacritical marks and max. 50 symbols! (e.g.: newhomepage or new_home-page1')) {
        $Check->check('page', '$test==false', 'The name of PAGE already exists!', admin_pageExists($_POST['page']));
    }
    $bTitle = false;
    foreach ($_POST as $k => $v) {
        if (substr($k, 0, 3) == 'lng') {
            /// max 100 symbols ///
        }
    }
    return $bPage && count($bPageLng);
}
##########################################################################################
###################################### code ##############################################
/// page state: the message buffers the view prints, plus the logger for this script ///
$aAlerts = array();
$aErrors = array();
$Logs = new cLogs('editpage.php');
$Logs->on();
/// POST data to insert new page are sent ///
if (isset($_POST['submit']) && (isset($_POST['pageid']) && is_numeric($_POST['pageid']))) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    /// existing templates wasn't selected ///
    $Check->check('temp', '$test !== "null"', 'TEMPLATE is required!');
    $bTitle = false;
    foreach ($_POST as $k => $v) {
        if (substr($k, 0, 3) == 'lng') {
            $Check->check('title' . substr($k, 3), 'strlen($test)>0', 'Title of PAGE' . strtoupper(substr($k, 3)) . ' is required!');
            $bTitle = true;
        }
    }
    $Check->check('page_title', '$test == true', 'Title of PAGE is required!', $bTitle);
    $Logs->addLog($Check->isValid(), 'valid');
    //$Logs->addLog($Check->getErrors(),'errors');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
<?php

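/// guard: this file is meant to be included by the admin index (which presumably sets $_index_rights) and needs a role id ///
if (!isset($_index_rights) || !isset($_GET['id'])) {
    header("Location: " . getUrl() . "admin");
    /// header() only queues the redirect; without exit the update_role handling below would still run for a direct request ///
    exit;
}
$Logs = new cLogs("editroles.php");
$Logs->on();
/// message buffers the view prints after processing ///
$aErrors = array();
$aAlerts = array();
global $DB;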
if (isset($_POST['update_role'])) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    $Check->check('General', 'is_numeric($test) && ' . ($_POST['roleid'] == $_GET['id']), 'There is no correct role!', $_POST['roleid']);
    if ($Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name of role must be max. 100 symbols!')) {
        /// check if name already exists ///
        if ($exists = admin_roleExists($_POST['name'])) {
            $Logs->addLog($exists, 'role EXISTS');
            $exists = !($exists['id'] == $_POST['roleid']);
        }
        $Logs->addLog($exists, 'role EXISTS');
        $Check->check('name', '$test==false', 'The name of role already exists!', $exists);
    }
    $Check->check('description', '$test != "" && strlen($test) <= 255', 'Description of role is required; with a maximum length 255!');
    $Check->check('parentid', 'is_numeric($test) || $test=="null"', 'The parent role is in wrong type');
    $Check->check('sort', 'is_numeric($test) || strlen($test)==0', 'The parent role is in wrong type');
    $Logs->addLog($Check->isValid(), 'form valid');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
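/// guard: this file is meant to be included by the admin index (which presumably sets $_index_rights) and needs a template id ///
if (!isset($_index_rights) || !isset($_GET['id'])) {
    header("Location: " . getUrl() . "admin");
    /// header() only queues the redirect; without exit the submit handling below would still run for a direct request ///
    exit;
}
##########################################################################################
###################################### code ##############################################
$Logs = new cLogs("edittemplate.php");
$Logs->on();
/// message buffers the view prints after processing ///
$aErrors = array();
$aAlerts = array();
global $DB;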
if (isset($_POST['submit']) && (isset($_POST['tempid']) && is_numeric($_POST['tempid']))) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    $Check->check('js', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in JS field!');
    $Check->check('css', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in CSS field!');
    $Logs->addLog($Check->isValid(), 'valid');
    //$Logs->addLog($Check->getErrors(),'errors');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
    } else {
        if ($_POST['parent_temp'] != 'null') {
            $aVals[] = array('parentid', intval($_POST['parent_temp']), false);
        } else {
            $aVals[] = array('parentid', 'NULL', false);
        }
        $aVals[] = array('js', $_POST['js']);
<?php

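/// guard: this file is meant to be included by the admin index (which presumably sets $_index_rights) and needs a user id ///
if (!isset($_index_rights) || !isset($_GET['id'])) {
    header("Location: " . getUrl() . "admin");
    /// header() only queues the redirect; without exit the update_user handling below would still run for a direct request ///
    exit;
}
/// NOTE(review): the log tag "editroles.php" matches the role editor, but this script handles update_user - looks copied; confirm the intended tag ///
$Logs = new cLogs("editroles.php");
$Logs->on();
/// message buffers the view prints after processing ///
$aErrors = array();
$aAlerts = array();
global $DB;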
if (isset($_POST['update_user'])) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $aVals = array();
    $Check = new cCheckForm();
    $Check->check('General', 'is_numeric($test) && ' . ($_POST['userid'] == $_GET['id']), 'There is no correct user!', $_POST['userid']);
    $Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name must be max. 100 symbols!');
    $Check->check('surname', 'strlen($test) > 0 && strlen($test) < 101', 'The surname must be max. 100 symbols!');
    $Check->check('role', 'is_numeric($test)', 'The role is in wrong format!');
    /// change login ///
    if (strlen($_POST['login'])) {
        /// max. 50 symbols ///
        $loginPat = '/^[a-zA-Z0-9_-]{1,50}$/';
        if ($Check->check('login', 'preg_match("' . $loginPat . '",$test)', 'The login must be without whitespaces and diacritical marks and max. 50 symbols!')) {
            /// check if login already exists ///
            if ($exists = admin_roleExists($_POST['login'])) {
                $Logs->addLog($exists, 'user login EXISTS');
                $exists = !($exists['id'] == $_POST['userid']);
            }
            $Logs->addLog($exists, 'user login EXISTS');