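/**
 * Delete a block
 *
 * Checks that the caller has delete access (level 3) both on the block's own
 * permissions and on its topic assignments before removing the row, its topic
 * assignments and any cached instances of it. A denied attempt is logged and
 * answered with a redirect back to the block list.
 *
 * @param string $bid id of block to delete
 * @return string HTML redirect or error message
 */
function deleteBlock($bid)
{
    global $_CONF, $_TABLES, $_USER;

    // $bid comes from the request; escape it before it is interpolated into SQL
    $safeBid = DB_escapeString($bid);
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='{$safeBid}'");
    $A = DB_fetchArray($result);

    // no row means no permission data to grant access from
    $access = 0;
    if (!empty($A)) {
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    }
    if ($access < 3 || TOPIC_hasMultiTopicAccess('block', $bid) < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid}.");
        return COM_refresh($_CONF['site_admin_url'] . '/block.php');
    }

    TOPIC_deleteTopicAssignments('block', $bid);
    DB_delete($_TABLES['blocks'], 'bid', $bid);

    // remove any of this blocks instances if exists
    $cacheInstance = 'block__' . $bid . '__';
    CACHE_remove_instance($cacheInstance);

    return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=12');
}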
// | | // +--------------------------------------------------------------------------+ require_once '../lib-common.php'; require_once 'auth.inc.php'; require_once $_CONF['path_system'] . 'classes/menu.class.php'; require_once $_CONF['path_system'] . 'lib-menu.php'; USES_lib_admin(); $display = ''; $content = ''; $MenuElementAllowedHTML = "i[class|style],div[class|style],span[class|style],img[src|class|style],em,strong,del,ins,q,abbr,dfn,small"; // Only let admin users access this page if (!SEC_hasRights('menu.admin')) { $display .= COM_siteHeader('menu', $MESSAGE[30]); $display .= COM_showMessageText($MESSAGE[37], $MESSAGE[30], true); $display .= COM_siteFooter(); COM_accessLog("User {$_USER['username']} unauthorized user tried to access the menu editor screen."); echo $display; exit; } function MB_displayMenuList() { global $_CONF, $_USER, $_TABLES, $LANG_MB01, $LANG_MB_ADMIN, $LANG_ADMIN, $LANG_MB_MENU_TYPES; $retval = ''; $menuArray = array(); $mbadmin = SEC_hasRights('menu.admin'); $root = SEC_inGroup('Root'); if (COM_isAnonUser()) { $uid = 1; } else { $uid = $_USER['uid']; }
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +--------------------------------------------------------------------------+ require_once '../lib-common.php'; require_once 'auth.inc.php'; $display = ''; if (!SEC_hasrights('autotag.admin')) { $display .= COM_siteHeader('menu', $MESSAGE[30]); $display .= COM_showMessageText($MESSAGE[38], $MESSAGE[30], true); $display .= COM_siteFooter(); COM_accessLog("User {$_USER['username']} attempted to access the autotag administration screen."); echo $display; exit; } USES_lib_install(); /** * Main driver to handle the uploaded autotag * * Determines if a new style (supports automated installer) or * an old style. * * @return string Formatted HTML containing the page body * */ function processAutotagUpload() {
if (!empty($file)) { DBADMIN_download($file); exit; } break; case 'delete': if (isset($_POST['delitem']) && SEC_checkToken()) { foreach ($_POST['delitem'] as $delfile) { $file = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', COM_applyFilter($delfile)); $file = str_replace('..', '', $file); if (!@unlink($_CONF['backup_path'] . $file)) { COM_errorLog('Unable to remove backup file "' . $file . '"'); } } } else { COM_accessLog("User {$_USER['username']} tried to illegally delete database backup(s) and failed CSRF checks."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } break; case 'config': $view = 'config'; break; case 'saveconfig': $items = array(); // Get the excluded tables into a serialized string $tables = explode('|', $_POST['groupmembers']); $items['lglib_dbback_exclude'] = DB_escapeString(@serialize($tables)); $items['lglib_dbback_files'] = (int) $_POST['db_backup_maxfiles']; if (isset($_POST['disable_cron'])) { $str = '-1'; } else {
// | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +---------------------------------------------------------------------------+ require_once '../../../lib-common.php'; require_once '../../auth.inc.php'; require_once $_CONF['path'] . 'plugins/downloads/include/functions.php'; if (!SEC_hasRights('downloads.edit')) { $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $display = DLM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally access the downloads temporary file."); COM_output($display); exit; } COM_setArgNames(array('id')); $lid = addslashes(COM_applyFilter(COM_getArgument('id'))); $result = DB_query("SELECT url, date FROM {$_TABLES['downloadsubmission']} WHERE lid='{$lid}'"); list($url, $date) = DB_fetchArray($result); $filepath = $_DLM_CONF['path_filestore'] . 'tmp' . date('YmdHis', $date) . DLM_createSafeFileName($url); if (file_exists($filepath)) { header('Content-Disposition: attachment; filename="' . $url . '"'); header('Content-Type: application/octet-stream'); header('Content-Description: File Transfer'); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
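/**
 * Delete a link category
 *
 * The category is removed only when it exists, the current user has edit
 * access on it (access level above 2) and it has neither sub-categories nor
 * links. Every outcome is reported as a numeric message id.
 *
 * @param string $cid Category ID
 * @return int Message id: 13 deleted, 14 has subfolders or links,
 *             15 no access, 16 no such category
 */
function links_delete_category($cid)
{
    global $_TABLES, $_USER, $LANG_LINKS_ADMIN;

    $cid = addslashes($cid);

    if (DB_count($_TABLES['linkcategories'], 'cid', $cid) == 0) {
        // no such category
        return 16;
    }

    // item exists so check access rights
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,\n perm_members,perm_anon FROM {$_TABLES['linkcategories']}\n WHERE cid='{$cid}'");
    $A = DB_fetchArray($result);
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);

    if ($access <= 2) {
        // no access: log the attempt *before* returning, so the entry is
        // actually written ($_USER is declared global above for the same reason)
        COM_accessLog(sprintf($LANG_LINKS_ADMIN[46], $_USER['username']));
        return 15;
    }

    // has edit rights - check for subfolders and sublinks
    $subfolders = DB_count($_TABLES['linkcategories'], 'pid', $cid);
    $sublinks = DB_count($_TABLES['links'], 'cid', $cid);
    if ($subfolders != 0 || $sublinks != 0) {
        // Subfolders and/or sublinks exist so return a message
        return 14;
    }

    // No subfolder/links so OK to delete
    DB_delete($_TABLES['linkcategories'], 'cid', $cid);
    PLG_itemDeleted($cid, 'links.category');

    return 13;
}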
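/**
 * Return the current user status for a user.
 * NOTE: May not return for banned/non-approved users.
 *
 * A user awaiting activation is switched to active. A user awaiting approval
 * or a disabled (banned) user is logged and redirected to users.php, unless
 * the request is already on users.php in the default or logout mode.
 *
 * @param int $userid Valid uid value.
 * @return int user status, 0-3
 */
function SEC_checkUserStatus($userid)
{
    global $_CONF, $_TABLES;

    // the uid is interpolated unquoted into the WHERE clause below; force it
    // to an integer so a non-numeric value can never reach the query
    $userid = (int) $userid;

    // Check user status
    $status = DB_getItem($_TABLES['users'], 'status', "uid={$userid}");

    // only do redirects if we aren't on users.php in a valid mode (logout or
    // default)
    $onUsersPage = (strpos($_SERVER['PHP_SELF'], 'users.php') !== false);
    $defaultMode = (empty($_REQUEST['mode']) || $_REQUEST['mode'] == 'logout');
    $redirect = !($onUsersPage && $defaultMode);

    if ($status == USER_ACCOUNT_AWAITING_ACTIVATION) {
        DB_change($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE, 'uid', $userid);
    } elseif ($status == USER_ACCOUNT_AWAITING_APPROVAL) {
        // If we aren't on users.php with a default action then go to it
        if ($redirect) {
            COM_accessLog("SECURITY: Attempted Cookie Session login from user awaiting approval {$userid}.");
            COM_redirect($_CONF['site_url'] . '/users.php?msg=70');
        }
    } elseif ($status == USER_ACCOUNT_DISABLED) {
        if ($redirect) {
            COM_accessLog("SECURITY: Attempted Cookie Session login from banned user {$userid}.");
            COM_redirect($_CONF['site_url'] . '/users.php?msg=69');
        }
    }

    return $status;
}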
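/**
 * Delete an existing story
 *
 * Resolves the story id from $args['sid'] (falling back to $args['id']),
 * requires delete access (level 3) on the story and on all of its topics,
 * and then removes the story. Denied attempts are logged.
 *
 * @param array  $args     Contains all the data provided by the client
 * @param string &$output  OUTPUT parameter containing the returned text
 * @param string &$svc_msg OUTPUT parameter for service messages (unused here)
 * @return int Response code as defined in lib-plugins.php
 */
function service_delete_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER;

    if (empty($args['sid']) && !empty($args['id'])) {
        $args['sid'] = $args['id'];
    }
    // requests coming through the web service layer get the basic filter
    if (!empty($args['gl_svc'])) {
        $args['sid'] = COM_applyBasicFilter($args['sid']);
    }
    $sid = isset($args['sid']) ? $args['sid'] : '';

    // internal callers skip the filter above, so escape for the query here
    $safeSid = DB_escapeString($sid);
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$safeSid}'");
    $A = DB_fetchArray($result);

    // no row means no permission data to grant access from
    $access = 0;
    if (!empty($A)) {
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        $access = min($access, TOPIC_hasMultiTopicAccess('article', $sid));
    }
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete story {$sid}.");
        $output = COM_refresh($_CONF['site_admin_url'] . '/story.php');
        // anonymous callers get an auth failure, logged-in users a denial
        return ($_USER['uid'] > 1) ? PLG_RET_PERMISSION_DENIED : PLG_RET_AUTH_FAILED;
    }

    STORY_doDeleteThisStoryNow($sid);
    $output = COM_refresh($_CONF['site_admin_url'] . '/story.php?msg=10');

    return PLG_RET_OK;
}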
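/**
 * Delete a topic
 *
 * Requires delete access (level 3) on the topic. Blocks and feeds bound to
 * the topic are reassigned to 'all' and disabled rather than deleted; the
 * stories in the topic, their comments, trackbacks and images, the pending
 * submissions and finally the topic row itself are removed.
 *
 * @param string $tid Topic ID
 * @return string HTML redirect
 */
function deleteTopic($tid)
{
    global $_CONF, $_TABLES, $_USER;

    // the id is interpolated into several queries below; escape it once
    $safeTid = DB_escapeString($tid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$safeTid}'");
    $A = DB_fetchArray($result);

    // no row means no permission data to grant access from
    $access = 0;
    if (!empty($A)) {
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    }
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
        return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
    }

    // don't delete topic blocks - assign them to 'all' and disable them
    DB_query("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '{$safeTid}'");
    // same with feeds
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$safeTid}'");

    // delete comments, trackbacks, images associated with stories in this topic
    $result = DB_query("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '{$safeTid}'");
    $numStories = DB_numRows($result);
    for ($i = 0; $i < $numStories; $i++) {
        $story = DB_fetchArray($result);
        STORY_deleteImages($story['sid']);
        DB_delete($_TABLES['comments'], array('sid', 'type'), array($story['sid'], 'article'));
        DB_delete($_TABLES['trackback'], array('sid', 'type'), array($story['sid'], 'article'));
    }

    // delete these
    DB_delete($_TABLES['stories'], 'tid', $tid);
    DB_delete($_TABLES['storysubmission'], 'tid', $tid);
    DB_delete($_TABLES['topics'], 'tid', $tid);

    // update feed(s) and Older Stories block
    COM_rdfUpToDateCheck('article');
    COM_olderStuff();

    return COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=14');
}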
} else { $_POST['sp_centerblock'] = 0; } if ($sp_inblock == 'on') { $_POST['sp_inblock'] = 1; } else { $_POST['sp_inblock'] = 0; } $display .= PAGE_edit($sp_id, '', $editor); $display .= COM_siteFooter(); } break; case 'delete': if (empty($sp_id) || is_numeric($sp_id) && $sp_id == 0) { COM_errorLog('Attempted to delete staticpage, sp_id empty or null, value =' . $sp_id); $display .= COM_refresh($_CONF['site_admin_url'] . '/plugins/staticpages/index.php'); } elseif (SEC_checkToken()) { $args = array('sp_id' => $sp_id); PLG_invokeService('staticpages', 'delete', $args, $display, $svc_msg); } else { COM_accessLog("User {$_USER['username']} tried to illegally delete staticpage {$sp_id} and failed CSRF checks."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } break; default: $display .= COM_siteHeader('menu', $LANG_STATIC['staticpagelist']); $display .= PAGE_list(); $display .= COM_siteFooter(); break; } echo $display;
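/**
 * Saves the user's information back to the database
 *
 * Verifies that the submitted request id matches the one issued to the
 * current user, requires the current password for password, email or
 * cookie-timeout changes, runs the optional CUSTOM_userCheck hook, handles a
 * username change (renaming the user photo along with it), spam-checks and
 * filters the profile fields, updates the password and login cookies, stores
 * the profile and notifies plugins.
 *
 * @param array $A User's data
 * @return string HTML error message or meta redirect
 */
function saveuser($A)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;

    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }

    // the form carries the request id stored for this user; a mismatch means
    // the submission did not come from this user's own settings form
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if (!isset($A['cooktime'])) {
        // If not set or possibly removed from template - set to default
        $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) { // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }

    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
    $needsCurrentPassword = !empty($A['passwd'])
        || $A['email'] != $_USER['email']
        || $A['cooktime'] != $_USER['cookietimeout'];
    if ($needsCurrentPassword
        && (empty($A['old_passwd']) || SEC_encryptPassword($A['old_passwd']) != $current_password)) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
    }

    // custom registration check; runs whether or not a password was required
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
        $ret = CUSTOM_userCheck($A['username'], $A['email']);
        if (!empty($ret)) {
            // Need a numeric return for the default message handler
            // - if not numeric use default message
            if (!is_numeric($ret['number'])) {
                $ret['number'] = 400;
            }
            return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
        }
    }

    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        $A['new_username'] = COM_applyFilter($A['new_username']);
        if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
            $A['new_username'] = addslashes($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) != 0) {
                // new name already taken
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
            if ($_CONF['allow_user_photo'] == 1) {
                $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
                if (!empty($photo)) {
                    // the photo file name contains the user name: replace its
                    // first occurrence. A literal substring replacement is used
                    // so regex metacharacters in a user name cannot break or
                    // alter the match.
                    $newphoto = $photo;
                    $namePos = strpos($photo, $_USER['username']);
                    if ($namePos !== false) {
                        $newphoto = substr_replace($photo, $A['new_username'], $namePos, strlen($_USER['username']));
                    }
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
                        $display = COM_siteHeader('menu', $LANG04[21]);
                        $display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
                        $display .= COM_siteFooter();
                        return $display;
                    }
                    DB_change($_TABLES['users'], 'photo', addslashes($newphoto), "uid", $_USER['uid']);
                }
            }
            DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
        }
    }

    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>'
        . '<p>' . COM_createLink($A['homepage'], $A['homepage'])
        . '<br' . XHTML . '>' . $A['location']
        . '<br' . XHTML . '>' . $A['sig']
        . '<br' . XHTML . '>' . $A['about']
        . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);
    // basic filtering only
    foreach (array('fullname', 'location', 'sig', 'about', 'pgpkey') as $field) {
        $A[$field] = strip_tags(COM_stripslashes($A[$field]));
    }

    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    }
    if ($A['email'] !== $A['email_conf']) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
    }
    if (emailAddressExists($A['email'], $_USER['uid'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
    }

    if (!empty($A['passwd'])) {
        if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptPassword($A['old_passwd']) == $current_password) {
            $passwd = SEC_encryptPassword($A['passwd']);
            DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $_USER['uid']);
            // a non-positive timeout expires the password cookie right away
            $cooktime = ($A['cooktime'] > 0) ? $A['cooktime'] : -1000;
            SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
        } elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
        } elseif ($A['passwd'] != $A['passwd_conf']) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
        }
    }

    if ($_US_VERBOSE) {
        COM_errorLog('cooktime = ' . $A['cooktime'], 1);
    }
    if ($A['cooktime'] <= 0) {
        // no permanent login requested: expire the session cookie
        $cooktime = 1000;
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
    } else {
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
    }

    // photo file name; stays empty when user photos are disabled so the
    // UPDATE below never sees an undefined variable
    $filename = '';
    if ($_CONF['allow_user_photo'] == 1) {
        $delete_photo = '';
        if (isset($A['delete_photo'])) {
            $delete_photo = $A['delete_photo'];
        }
        $filename = handlePhotoUpload($delete_photo);
    }

    if (!empty($A['homepage'])) {
        // only http: and https: homepages are stored; anything else is forced to http:
        $pos = MBYTE_strpos($A['homepage'], ':');
        if ($pos === false) {
            $A['homepage'] = 'http://' . $A['homepage'];
        } else {
            $prot = substr($A['homepage'], 0, $pos + 1);
            if ($prot != 'http:' && $prot != 'https:') {
                $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
            }
        }
        $A['homepage'] = addslashes($A['homepage']);
    }
    foreach (array('fullname', 'email', 'location', 'sig', 'about', 'pgpkey') as $field) {
        $A[$field] = addslashes($A[$field]);
    }

    if (!empty($filename)) {
        if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
            $filename = '';
        }
    }

    DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
    DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");

    // Call custom registration save function if enabled and exists
    if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
        CUSTOM_userSave($_USER['uid']);
    }

    PLG_userInfoChanged($_USER['uid']);

    if ($_US_VERBOSE) {
        COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
    }

    return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=5');
}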
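// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.           |
// |                                                                          |
// +--------------------------------------------------------------------------+

// Geeklog common function library
require_once '../lib-common.php';

// Security check to ensure user even belongs on this page
require_once 'auth.inc.php';
require_once $_CONF['path_system'] . 'lib-admin.php';

// initialise before the first concatenation below, which otherwise appends
// to an undefined variable
$display = '';

// Only Root users may look at the log files
if (!SEC_inGroup('Root')) {
    $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
    $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
    COM_accessLog("User {$_USER['username']} tried to illegally access the log viewer screen.");
    COM_output($display);
    exit;
}

// name of the log file to show, from GET or POST; it is reduced to a bare
// file name (COM_sanitizeFilename presumably strips path components - verify
// in lib-common) and falls back to error.log
if (isset($_GET['log'])) {
    $log = COM_applyFilter($_GET['log']);
} elseif (isset($_POST['log'])) {
    $log = COM_applyFilter($_POST['log']);
} else {
    $log = '';
}
$log = COM_sanitizeFilename($log, true);
if (empty($log)) {
    $log = 'error.log';
}

$display = '';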
/** * Static Pages plugin administration page * * @package StaticPages * @subpackage admin */ /** * Geeklog common function library and Admin authentication */ require_once '../../../lib-common.php'; require_once '../../auth.inc.php'; $display = ''; if (!SEC_hasRights('staticpages.edit')) { $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally access the static pages administration screen."); COM_output($display); exit; } /** * Displays the static page editor form * * @param array $A Data to display * @return string HTML for the static page editor * */ function staticpageeditor_form($A) { global $_CONF, $_TABLES, $_USER, $_GROUPS, $_SP_CONF, $mode, $sp_id, $LANG21, $LANG_STATIC, $LANG_ACCESS, $LANG_ADMIN, $LANG01, $LANG24, $LANG_postmodes, $MESSAGE, $_IMAGE_TYPE, $_SCRIPTS; if (!empty($sp_id) && $mode == 'edit') { $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
/**
 * Returns a page for permission denied
 *
 * Builds a full page (site header, "permission denied" message, site footer)
 * and logs the attempt under the current user's name.
 *
 * @return string HTML for permission denied page
 */
function _UI_perm_denied()
{
    global $_USER, $MESSAGE;

    $header = COM_siteHeader('menu', $MESSAGE[30]);
    $message = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
    $footer = COM_siteFooter();
    $page = $header . $message . $footer;

    COM_accessLog("User {$_USER['username']} tried to illegally access the config administration screen.");

    return $page;
}
// +--------------------------------------------------------------------------+
// |                                                                          |
// | This program is free software; you can redistribute it and/or            |
// | modify it under the terms of the GNU General Public License              |
// | as published by the Free Software Foundation; either version 2           |
// | of the License, or (at your option) any later version.                   |
// |                                                                          |
// | This program is distributed in the hope that it will be useful,          |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the             |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.           |
// |                                                                          |
// +--------------------------------------------------------------------------+

require_once '../lib-common.php';

$display = '';

// Only members of the Root group may clear the cache; everyone else gets a
// "permission denied" page and the attempt is logged
if (!SEC_inGroup('Root')) {
    $denied = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
    $display = COM_createHTMLDocument($denied, array('pagetitle' => $MESSAGE[30]));
    COM_accessLog("User {$_USER['username']} tried to illegally access the clear cache.");
    COM_output($display);
    exit;
}

// Main processing: clear the cache and return to the admin index with message 500
CTL_clearCache();
COM_redirect($_CONF['site_admin_url'] . '/index.php?msg=500');
* installed Geeklog in a (relatively) secure fashion. It also gives tips on * how to fix issues. * */ /** * Geeklog common function library */ require_once '../lib-common.php'; /** * Security check to ensure user even belongs on this page */ require_once 'auth.inc.php'; $display = ''; if (!SEC_inGroup('Root')) { $display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally access the security check."); COM_output($display); exit; } // ugh, global variable ... $failed_tests = 0; /** * Send an HTTP HEAD request for the given URL * * @param string $url URL to request * @param string &$errmsg error message, if any (on return) * @return int HTTP response code or 777 on error * */ function doHeadRequest($url, &$errmsg) {
/** * Shows story editor * * Displays the story entry form * * @param string $sid ID of story to edit * @param string $mode 'preview', 'edit', 'editsubmission', 'clone' * @param string $errormsg a message to display on top of the page * @return string HTML for story editor * */ function storyeditor($sid = '', $mode = '', $errormsg = '') { global $_CONF, $_TABLES, $_USER, $LANG24, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS, $LANG_DIRECTION, $LANG_MONTH, $LANG_WEEK; $display = ''; if (!isset($_CONF['hour_mode'])) { $_CONF['hour_mode'] = 12; } if (!empty($errormsg)) { $display .= COM_showMessageText($errormsg, $LANG24[25]); } $story = new Story(); if ($mode == 'preview') { // Handle Magic GPC Garbage: while (list($key, $value) = each($_POST)) { if (!is_array($value)) { $_POST[$key] = COM_stripslashes($value); } else { while (list($subkey, $subvalue) = each($value)) { $value[$subkey] = COM_stripslashes($subvalue); } } } $result = $story->loadFromArgsArray($_POST); if ($_CONF['maximagesperarticle'] > 0) { $errors = $story->checkAttachedImages(); if (count($errors) > 0) { $msg = $LANG24[55] . LB . '<ul>' . LB; foreach ($errors as $err) { $msg .= '<li>' . $err . '</li>' . LB; } $msg .= '</ul>' . 
LB; $display .= COM_showMessageText($msg, $LANG24[54]); } } } else { $result = $story->loadFromDatabase($sid, $mode); } if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) { $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied']); COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}."); return $display; } elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) { $display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied']); $display .= STORY_renderArticle($story, 'p'); COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}."); return $display; } elseif ($result == STORY_INVALID_SID) { if ($mode == 'editsubmission') { // that submission doesn't seem to be there any more (may have been // handled by another Admin) - take us back to the moderation page return COM_refresh($_CONF['site_admin_url'] . '/moderation.php'); } else { return COM_refresh($_CONF['site_admin_url'] . '/story.php'); } } elseif ($result == STORY_DUPLICATE_SID) { $display .= COM_showMessageText($LANG24[24]); } // Load HTML templates $story_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/story'); if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) { $story_templates->set_file(array('editor' => 'storyeditor_advanced.thtml')); $advanced_editormode = true; $story_templates->set_var('change_editormode', 'onchange="change_editmode(this);"'); require_once $_CONF['path_system'] . 
'classes/navbar.class.php'; $story_templates->set_var('show_preview', 'none'); $story_templates->set_var('lang_expandhelp', $LANG24[67]); $story_templates->set_var('lang_reducehelp', $LANG24[68]); $story_templates->set_var('lang_publishdate', $LANG24[69]); $story_templates->set_var('lang_toolbar', $LANG24[70]); $story_templates->set_var('toolbar1', $LANG24[71]); $story_templates->set_var('toolbar2', $LANG24[72]); $story_templates->set_var('toolbar3', $LANG24[73]); $story_templates->set_var('toolbar4', $LANG24[74]); $story_templates->set_var('toolbar5', $LANG24[75]); if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') { $story_templates->set_var('show_texteditor', 'none'); $story_templates->set_var('show_htmleditor', ''); } else { $story_templates->set_var('show_texteditor', ''); $story_templates->set_var('show_htmleditor', 'none'); } } else { $story_templates->set_file(array('editor' => 'storyeditor.thtml')); $advanced_editormode = false; } $story_templates->set_var('hour_mode', $_CONF['hour_mode']); if ($story->hasContent()) { $previewContent = STORY_renderArticle($story, 'p'); if ($advanced_editormode and $previewContent != '') { $story_templates->set_var('preview_content', $previewContent); } elseif ($previewContent != '') { $display .= COM_startBlock($LANG24[26], '', COM_getBlockTemplate('_admin_block', 'header')); $display .= $previewContent; $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); } } if ($advanced_editormode) { $navbar = new navbar(); if (!empty($previewContent)) { $navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true); $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true); $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true); $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true); $navbar->add_menuitem($LANG24[83], 
'showhideEditorDiv("archive",4);return false;', true); $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true); $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true); } else { $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true); $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true); $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true); $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true); $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true); $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true); } if ($mode == 'preview') { $story_templates->set_var('show_preview', ''); $story_templates->set_var('show_htmleditor', 'none'); $story_templates->set_var('show_texteditor', 'none'); $story_templates->set_var('show_submitoptions', 'none'); $navbar->set_selected($LANG24[79]); } else { $navbar->set_selected($LANG24[80]); } $story_templates->set_var('navbar', $navbar->generate()); } $oldsid = $story->EditElements('originalSid'); if (!empty($oldsid) && $mode != 'clone') { $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>'; $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; $story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm)); $story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, '')); } if ($mode == 'editsubmission' || $story->type == 'submission') { $story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . 
'>'); } $story_templates->set_var('lang_author', $LANG24[7]); $storyauthor = COM_getDisplayName($story->EditElements('uid')); $story_templates->set_var('story_author', $storyauthor); $story_templates->set_var('author', $storyauthor); $story_templates->set_var('story_uid', $story->EditElements('uid')); // user access info $story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']); $story_templates->set_var('lang_owner', $LANG_ACCESS['owner']); $ownername = COM_getDisplayName($story->EditElements('owner_id')); $story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . $story->EditElements('owner_id'))); $story_templates->set_var('owner_name', $ownername); $story_templates->set_var('owner', $ownername); $story_templates->set_var('owner_id', $story->EditElements('owner_id')); $story_templates->set_var('lang_group', $LANG_ACCESS['group']); $story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3)); $story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']); $story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); $story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon'))); $story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']); $story_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']); $curtime = COM_getUserDateTimeFormat($story->EditElements('date')); $story_templates->set_var('lang_date', $LANG24[15]); $story_templates->set_var('publish_second', $story->EditElements('publish_second')); $publish_ampm = ''; $publish_hour = $story->EditElements('publish_hour'); if ($publish_hour >= 12) { if ($publish_hour > 12) { $publish_hour = $publish_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm); 
$story_templates->set_var('publishampm_selection', $ampm_select); $month_options = COM_getMonthFormOptions($story->EditElements('publish_month')); $story_templates->set_var('publish_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('publish_day')); $story_templates->set_var('publish_day_options', $day_options); $year_options = COM_getYearFormOptions($story->EditElements('publish_year')); $story_templates->set_var('publish_year_options', $year_options); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24); } else { $hour_options = COM_getHourFormOptions($publish_hour); } $story_templates->set_var('publish_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute')); $story_templates->set_var('publish_minute_options', $minute_options); $story_templates->set_var('publish_date_explanation', $LANG24[46]); $story_templates->set_var('story_unixstamp', $story->EditElements('unixdate')); $story_templates->set_var('expire_second', $story->EditElements('expire_second')); $expire_ampm = ''; $expire_hour = $story->EditElements('expire_hour'); if ($expire_hour >= 12) { if ($expire_hour > 12) { $expire_hour = $expire_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm); if (empty($ampm_select)) { // have a hidden field to 24 hour mode to prevent JavaScript errors $ampm_select = '<input type="hidden" name="expire_ampm" value=""' . XHTML . 
'>'; } $story_templates->set_var('expireampm_selection', $ampm_select); $month_options = COM_getMonthFormOptions($story->EditElements('expire_month')); $story_templates->set_var('expire_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('expire_day')); $story_templates->set_var('expire_day_options', $day_options); $year_options = COM_getYearFormOptions($story->EditElements('expire_year')); $story_templates->set_var('expire_year_options', $year_options); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24); } else { $hour_options = COM_getHourFormOptions($expire_hour); } $story_templates->set_var('expire_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute')); $story_templates->set_var('expire_minute_options', $minute_options); $story_templates->set_var('expire_date_explanation', $LANG24[46]); $story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp')); $atopic = DB_getItem($_TABLES['topics'], 'tid', "archive_flag = 1"); $have_archive_topic = empty($atopic) ? 
false : true; if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) { $story_templates->set_var('is_checked2', 'checked="checked"'); $story_templates->set_var('is_checked3', 'checked="checked"'); $js_showarchivedisabled = 'false'; $have_archive_topic = true; // force display of auto archive option } elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) { $story_templates->set_var('is_checked2', 'checked="checked"'); $story_templates->set_var('is_checked4', 'checked="checked"'); if (!$have_archive_topic) { $story_templates->set_var('is_checked3', 'style="display:none;"'); } $js_showarchivedisabled = 'false'; } else { if (!$have_archive_topic) { $story_templates->set_var('is_checked3', 'style="display:none;"'); } $js_showarchivedisabled = 'true'; } $story_templates->set_var('lang_archivetitle', $LANG24[58]); $story_templates->set_var('lang_option', $LANG24[59]); $story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']); $story_templates->set_var('lang_story_stats', $LANG24[87]); if ($have_archive_topic) { $story_templates->set_var('lang_optionarchive', $LANG24[61]); } else { $story_templates->set_var('lang_optionarchive', ''); } $story_templates->set_var('lang_optiondelete', $LANG24[62]); $story_templates->set_var('lang_title', $LANG_ADMIN['title']); $story_templates->set_var('story_title', $story->EditElements('title')); $story_templates->set_var('lang_page_title', $LANG_ADMIN['page_title']); $story_templates->set_var('page_title', $story->EditElements('page_title')); $story_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']); $story_templates->set_var('meta_description', $story->EditElements('meta_description')); $story_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']); $story_templates->set_var('meta_keywords', $story->EditElements('meta_keywords')); if ($_CONF['meta_tags'] > 0) { $story_templates->set_var('hide_meta', ''); } else { $story_templates->set_var('hide_meta', ' 
style="display:none;"'); } $story_templates->set_var('lang_topic', $LANG_ADMIN['topic']); if ($mode == 'preview') { $tlist = TOPIC_getTopicSelectionControl('article', '', false, true, true); } else { $tlist = TOPIC_getTopicSelectionControl('article', $oldsid, false, true, true); } if (empty($tlist)) { $display .= COM_showMessage(101); return $display; } $story_templates->set_var('topic_selection', $tlist); $story_templates->set_var('lang_show_topic_icon', $LANG24[56]); if ($story->EditElements('show_topic_icon') == 1) { $story_templates->set_var('show_topic_icon_checked', 'checked="checked"'); } else { $story_templates->set_var('show_topic_icon_checked', ''); } $story_templates->set_var('lang_cachetime', $LANG24['cache_time']); $story_templates->set_var('lang_cachetime_desc', $LANG24['cache_time_desc']); $story_templates->set_var('cache_time', $story->EditElements('cache_time')); $story_templates->set_var('lang_draft', $LANG24[34]); if ($story->EditElements('draft_flag')) { $story_templates->set_var('is_checked', 'checked="checked"'); } $story_templates->set_var('lang_mode', $LANG24[3]); $story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode'))); $story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode'))); $story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode'))); // comment expire $story_templates->set_var('lang_cmt_disable', $LANG24[63]); if ($story->EditElements('cmt_close')) { $story_templates->set_var('is_checked5', 'checked="checked"'); $js_showcmtclosedisabled = 'false'; } else { $js_showcmtclosedisabled = 'true'; } $month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month')); $story_templates->set_var('cmt_close_month_options', $month_options); $day_options = 
COM_getDayFormOptions($story->EditElements('cmt_close_day')); $story_templates->set_var('cmt_close_day_options', $day_options); // ensure that the year dropdown includes the close year $endtm = mktime(0, 0, 0, date('m'), date('d') + $_CONF['article_comment_close_days'], date('Y')); $yoffset = date('Y', $endtm) - date('Y'); $close_year = $story->EditElements('cmt_close_year'); if ($yoffset < -1) { $year_options = COM_getYearFormOptions($close_year, $yoffset); } elseif ($yoffset > 5) { $year_options = COM_getYearFormOptions($close_year, -1, $yoffset); } else { $year_options = COM_getYearFormOptions($close_year); } $story_templates->set_var('cmt_close_year_options', $year_options); $cmt_close_ampm = ''; $cmt_close_hour = $story->EditElements('cmt_close_hour'); //correct hour if ($cmt_close_hour >= 12) { if ($cmt_close_hour > 12) { $cmt_close_hour = $cmt_close_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm); if (empty($ampm_select)) { // have a hidden field to 24 hour mode to prevent JavaScript errors $ampm_select = '<input type="hidden" name="cmt_close_ampm" value=""' . XHTML . '>'; } $story_templates->set_var('cmt_close_ampm_selection', $ampm_select); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24); } else { $hour_options = COM_getHourFormOptions($cmt_close_hour); } $story_templates->set_var('cmt_close_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute')); $story_templates->set_var('cmt_close_minute_options', $minute_options); $story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second')); if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) { $featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . 
LB; } else { $featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"" . XHTML . ">"; } $story_templates->set_var('featured_options', $featured_options); $story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage'))); $story_templates->set_var('story_introtext', $story->EditElements('introtext')); $story_templates->set_var('story_bodytext', $story->EditElements('bodytext')); $story_templates->set_var('lang_introtext', $LANG24[16]); $story_templates->set_var('lang_bodytext', $LANG24[17]); $story_templates->set_var('lang_postmode', $LANG24[4]); $story_templates->set_var('lang_publishoptions', $LANG24[76]); $story_templates->set_var('noscript', COM_getNoScript(false, $LANG24[77], sprintf($LANG24[78], $_CONF['site_admin_url'], $sid))); $postmode = $story->EditElements('postmode'); if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) { if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') { $postmode = ''; } } $post_options = COM_optionList($_TABLES['postmodes'], 'code,name', $postmode); $postmode_list = 'plaintext,html'; // If Advanced Mode - add post option and set default if editing story created with Advanced Editor if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) { $postmode_list .= ',adveditor'; if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') { $post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>'; } else { $post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>'; } } if ($_CONF['wikitext_editor']) { $postmode_list .= ',wikitext'; if ($story->EditElements('postmode') == 'wikitext') { $post_options .= '<option value="wikitext" selected="selected">' . $LANG24[88] . '</option>'; } else { $post_options .= '<option value="wikitext">' . $LANG24[88] . 
'</option>'; } } $story_templates->set_var('post_options', $post_options); $postmode_array = explode(',', $postmode_list); $allowed_html = ''; foreach ($postmode_array as $pm) { $allowed_html .= COM_allowedHTML('story.edit', false, 1, $pm); } $allowed_tags = array('code', 'raw'); if ($_CONF['allow_page_breaks'] == 1) { $allowed_tags = array_merge($allowed_tags, array('page_break')); } $allowed_html .= COM_allowedAutotags(false, $allowed_tags); $story_templates->set_var('lang_allowed_html', $allowed_html); $fileinputs = ''; $saved_images = ''; if ($_CONF['maximagesperarticle'] > 0) { $story_templates->set_var('lang_images', $LANG24[47]); $icount = DB_count($_TABLES['article_images'], 'ai_sid', $story->getSid()); if ($icount > 0) { $result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . $story->getSid() . "'"); for ($z = 1; $z <= $icount; $z++) { $I = DB_fetchArray($result_articles); $saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']"' . XHTML . '><br' . XHTML . '>'; } } $newallowed = $_CONF['maximagesperarticle'] - $icount; for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) { $fileinputs .= $z . ') <input type="file" dir="ltr" name="file' . $z . '"' . XHTML . '>'; if ($z < $_CONF['maximagesperarticle']) { $fileinputs .= '<br' . XHTML . '>'; } } $fileinputs .= '<br' . XHTML . '>' . $LANG24[51]; if ($_CONF['allow_user_scaling'] == 1) { $fileinputs .= $LANG24[27]; } $fileinputs .= $LANG24[28] . '<br' . XHTML . 
'>'; } // Add JavaScript $_SCRIPTS->setJavaScriptFile('story_editor', '/javascript/story_editor.js'); if ($_CONF['titletoid']) { $_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js'); $story_templates->set_var('titletoid', true); } $_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js'); // Loads jQuery UI datepicker and timepicker-addon $_SCRIPTS->setJavaScriptLibrary('jquery.ui.slider'); // $_SCRIPTS->setJavaScriptLibrary('jquery.ui.button'); $_SCRIPTS->setJavaScriptLibrary('jquery.ui.datepicker'); $_SCRIPTS->setJavaScriptLibrary('jquery-ui-i18n'); $_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon'); $_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon-i18n'); // $_SCRIPTS->setJavaScriptLibrary('jquery-ui-slideraccess'); $_SCRIPTS->setJavaScriptFile('datetimepicker', '/javascript/datetimepicker.js'); $langCode = COM_getLangIso639Code(); $toolTip = $MESSAGE[118]; $imgUrl = $_CONF['site_url'] . '/images/calendar.png'; $_SCRIPTS->setJavaScript("jQuery(function () {" . " geeklog.hour_mode = {$_CONF['hour_mode']};" . " geeklog.datetimepicker.set('publish', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('expire', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('cmt_close', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . 
"});", TRUE, TRUE); // Setup Advanced Editor COM_setupAdvancedEditor('/javascript/storyeditor_adveditor.js'); $story_templates->set_var('saved_images', $saved_images); $story_templates->set_var('image_form_elements', $fileinputs); $story_templates->set_var('lang_hits', $LANG24[18]); $story_templates->set_var('story_hits', $story->EditElements('hits')); $story_templates->set_var('lang_comments', $LANG24[19]); $story_templates->set_var('story_comments', $story->EditElements('comments')); $story_templates->set_var('lang_trackbacks', $LANG24[29]); $story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks')); $story_templates->set_var('lang_emails', $LANG24[39]); $story_templates->set_var('story_emails', $story->EditElements('numemails')); if ($mode == 'clone') { $story_templates->set_var('story_id', COM_makesid()); } else { $story_templates->set_var('story_id', $story->getSid()); $story_templates->set_var('old_story_id', $story->EditElements('originalSid')); } $story_templates->set_var('lang_sid', $LANG24[12]); $story_templates->set_var('lang_save', $LANG_ADMIN['save']); $story_templates->set_var('lang_preview', $LANG_ADMIN['preview']); $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']); $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']); $story_templates->set_var('gltoken_name', CSRF_TOKEN); $token = SEC_createToken(); $story_templates->set_var('gltoken', $token); $story_templates->parse('output', 'editor'); $display .= COM_startBlock($LANG24[5], '', COM_getBlockTemplate('_admin_block', 'header')); $display .= SEC_getTokenExpiryNotice($token, $LANG24[91]); $display .= $story_templates->finish($story_templates->get_var('output')); $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); return $display; }
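/**
 * Delete a poll together with its answers, questions and comments.
 *
 * Access is checked against the poll topic's owner/group/permission columns;
 * anything below full (3) access is logged and redirected to the polls admin
 * page without deleting anything. This function does not itself check a
 * CSRF token; that is the caller's job.
 *
 * @param string $pid ID of poll to delete
 * @return string HTML redirect
 */
function deletePoll($pid)
{
    global $_CONF, $_TABLES, $_USER;

    // Escape through the DB layer rather than addslashes(), which is not
    // charset-aware. As before, the escaped value is used for every query
    // and lookup below.
    $pid = DB_escapeString($pid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
    $Q = DB_fetchArray($result);
    $access = SEC_hasAccess($Q['owner_id'], $Q['group_id'], $Q['perm_owner'], $Q['perm_group'], $Q['perm_members'], $Q['perm_anon']);
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete poll {$pid}.");
        return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }

    // Topic row first, then its dependent rows and the plugin-level comments
    DB_delete($_TABLES['polltopics'], 'pid', $pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $pid);
    DB_delete($_TABLES['comments'], array('sid', 'type'), array($pid, 'polls'));
    // Let other plugins clean up anything they keyed on this poll
    PLG_itemDeleted($pid, 'polls');

    return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=20');
}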
case $LANG_ADMIN['delete']: if ($rid === 0) { COM_errorLog('Attempted to delete route, rid empty or null, value =' . $rid); $display = COM_refresh($_CONF['site_admin_url'] . '/router.php'); } elseif (SEC_checkToken()) { $display = deleteRoute($rid); } else { COM_accessLog("User {$_USER['username']} tried to illegally delete route {$rid} and failed CSRF checks."); $display = COM_refresh($_CONF['site_admin_url'] . '/index.php'); } echo $display; die; break; case $LANG_ADMIN['save']: if (!SEC_checkToken()) { COM_accessLog("User {$_USER['username']} tried to illegally save route {$rid} and failed CSRF checks."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); die; } $method = \Geeklog\Input::fPost('method', ''); $rule = \Geeklog\Input::post('rule', ''); $route = \Geeklog\Input::post('route', ''); $priority = \Geeklog\Input::fPost('priority', Router::DEFAULT_PRIORITY); $display = saveRoute($rid, $method, $rule, $route, $priority); break; case 'edit': $content = getRouteEditor($rid); $display = COM_createHTMLDocument($content, array('pagetitle' => $LANG_ROUTER[2])); break; case 'move': if (SEC_checkToken()) {
$display .= PLUGINS_list($token); $display .= COM_siteFooter(); } else { COM_accessLog("User {$_USER['username']} tried to illegally delete plugin {$pi_name} and failed CSRF checks."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } break; case 'remove': if (SEC_checkToken()) { $display .= COM_siteHeader('menu', $LANG32[30]); $display .= PLUGINS_remove($pi_name); $token = SEC_createToken(); $display .= PLUGINS_list($token); $display .= COM_siteFooter(); } else { COM_accessLog("User {$_USER['username']} tried to illegally remove plugin {$pi_name} and failed CSRF checks."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } break; default: $display .= COM_siteHeader('menu', $LANG32[5]); $msg = COM_getMessage(); $plugin = ''; if (isset($_POST['plugin'])) { $plugin = COM_applyFilter($_POST['plugin']); } else { if (isset($_GET['plugin'])) { $plugin = COM_applyFilter($_GET['plugin']); } } $display .= $msg > 0 ? COM_showMessage($msg, $plugin) : '';
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.            |
// |                                                                           |
// +---------------------------------------------------------------------------+

/**
 * @package Maps
 */

require_once '../../../lib-common.php';
require_once '../../auth.inc.php';

$display = '';

// Ensure user even has the rights to access this page: anyone without
// 'maps.admin' gets the "no access" page, the attempt is logged, and the
// request ends here.
if (!SEC_hasRights('maps.admin')) {
    $display .= COM_siteHeader('menu', $MESSAGE[30])
        . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
        . COM_siteFooter();
    // Log attempt to access.log
    COM_accessLog("User {$_USER['username']} tried to illegally access the Maps plugin administration screen.");
    echo $display;
    exit;
}

// Incoming variable filter: request parameter name => filter type.
// NOTE(review): MAPS_filterVars() is not visible here; presumably it
// sanitises each listed key of $_REQUEST by type — confirm.
$vars = array('mode' => 'alpha', 'cid' => 'number', 'id' => 'number', 'msg' => 'text');
MAPS_filterVars($vars, $_REQUEST);

/**
 * List all maps that the user has access to
 *
 * @return string HTML for the list
 */
function MAPS_listmaps()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG_ADMIN, $LANG_MAPS_1;
/**
 * Abort the request unless the current user belongs to the Root group.
 *
 * Root members pass straight through. Anyone else has the attempt logged
 * (including the category id held by this object), is shown message 6 of
 * the downloads plugin wrapped in a full page, and the script exits.
 */
function _checkHasAccess()
{
    global $_USER, $LANG_DLM;

    if (SEC_inGroup('Root')) {
        return;
    }

    // Not Root: log, render the denial page and stop here
    COM_accessLog("User {$_USER['username']} tried illegally to edit category {$this->_cid}.");
    $page = COM_showMessage(6, 'downloads');
    $page = DLM_createHTMLDocument($page, array('pagetitle' => $LANG_DLM['manager']));
    COM_output($page);
    exit;
}
/**
 * Saves user to the database
 *
 * Creates a new account when $uid is empty, otherwise updates the existing
 * one. Validates username/e-mail uniqueness, optionally removes or renames
 * the user photo, re-assigns group memberships (limited to the groups the
 * acting admin is a member of, and never Root unless the admin is Root), then
 * echoes the result of PLG_afterSaveSwitch(). Validation failures return the
 * editor via edituser(); the missing-name/e-mail path and the DB-error path
 * print a page and exit.
 *
 * @param int    $uid          user id (empty for a new user)
 * @param string $username     (short) username
 * @param string $fullname     user's full name
 * @param string $passwd       new password (blanked for remote-service users)
 * @param string $passwd_conf  password confirmation
 * @param string $email        user's email address
 * @param string $regdate      date the user registered with the site (not used in this function)
 * @param string $homepage     user's homepage URL
 * @param array  $groups       groups the user belongs to
 * @param string $delete_photo delete user's photo if == 'on'
 * @param int    $userstatus   account status to store
 * @param int    $oldstatus    status before this save (drives the "approved" e-mail)
 * @return string HTML redirect or error message
 */
function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;

    $retval = '';
    $userChanged = false;

    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering saveusers****", 1);
        COM_errorLog("group size at beginning = " . count($groups), 1);
    }

    // NOTE(review): $uid is interpolated unquoted into every query in this
    // function; this relies on the caller having cast it to an integer.
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");

    // If remote service then assume blank password
    if (!empty($service)) {
        $passwd = '';
        $passwd_conf = '';
    }

    // The password counts as unchanged only for a local account where the
    // encrypt helper reports 0 and no confirmation was entered.
    // NOTE(review): what a 0 return from SEC_encryptUserPassword() means is
    // not visible here — presumably "nothing to hash"; confirm.
    $passwd_changed = true;
    if (empty($service) && SEC_encryptUserPassword($passwd, $uid) === 0 && $passwd_conf === '') {
        $passwd_changed = false;
    }
    if ($passwd_changed && $passwd != $passwd_conf) {
        // passwords don't match
        return edituser($uid, 67);
    }

    // A username is always required; an e-mail address is required for new
    // users and for existing local (non-remote) users.
    $nameAndEmailOkay = true;
    if (empty($username)) {
        $nameAndEmailOkay = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $nameAndEmailOkay = false; // new users need an email address
        } else {
            if (empty($service)) {
                $nameAndEmailOkay = false; // not a remote user - needs email
            }
        }
    }

    if ($nameAndEmailOkay) {
        if (!empty($email) && !COM_isEmail($email)) {
            return edituser($uid, 52);
        }

        // Username uniqueness (scoped to the remote service for remote users).
        // NOTE(review): the escaped $uname is computed but never referenced;
        // the query text in this listing shows a literal '******' where it
        // would be used — that looks like a redaction of the listing, not the
        // code. Confirm against the real source.
        $uname = DB_escapeString($username);
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
        } else {
            if (!empty($service)) {
                $uservice = DB_escapeString($service);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return edituser($uid, 51);
        }

        // E-mail uniqueness among local accounts only
        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return edituser($uid, 56);
        }

        // Site-specific validation hook, if the installation provides one
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return edituser($uid, $ret['number']);
            }
        }

        if (empty($uid)) {
            // New account
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = SEC_generateRandomPassword();
            }
            $uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage);
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
        } else {
            // Existing account
            $fullname = DB_escapeString($fullname);
            $homepage = DB_escapeString($homepage);

            $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
            if (!empty($curphoto) && $delete_photo == 'on') {
                USER_deletePhoto($curphoto);
                $curphoto = '';
            }

            if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
                $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
                if ($curusername != $username) {
                    // user has been renamed - rename the photo, too
                    // NOTE(review): $curusername goes into the pattern without
                    // preg_quote(), so a name containing regex metacharacters
                    // or '/' breaks the pattern or mis-targets the replace.
                    $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    // '@' silences the rename() warning; failure is reported through the log instead
                    if (@rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                        $retval .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                        return $retval;
                    }
                    $curphoto = $newphoto;
                }
            }
            $curphoto = DB_escapeString($curphoto);

            // NOTE(review): this UPDATE interpolates the raw $email although the
            // escaped $emailaddr was computed above; $userstatus is interpolated
            // unescaped as well. (For the '******' username literal see the note
            // at the uniqueness check.)
            DB_query("UPDATE {$_TABLES['users']} SET username = '******', fullname = '{$fullname}', email = '{$email}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}");

            if ($passwd_changed && !empty($passwd)) {
                SEC_updateUserPassword($passwd, $uid);
            }
            if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                CUSTOM_userSave($uid);
            }
            // Account just moved from "awaiting approval" to "active": send the password mail
            if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) {
                USER_createAndSendPassword($username, $email, $uid);
            }
            // Disabling an account also terminates its live session
            if ($userstatus == USER_ACCOUNT_DISABLED) {
                SESS_endUserSession($uid);
            }
            $userChanged = true;
        }

        // check that the user is allowed to change group assignments
        if (is_array($groups) && SEC_hasRights('group.assign')) {
            // Privilege-escalation guard: only a Root member may hand out Root
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }

            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }

            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }

            // remove user from all groups that the User Admin is a member of
            // (memberships in groups the admin is not in are left untouched)
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);

            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }

            // Re-add memberships, but only for groups the acting admin is in.
            // NOTE(review): $userGroup is interpolated unquoted; the in_array()
            // against $UserAdminGroups is what bounds it to known group ids.
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }

        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }

        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
            echo $retval;
            exit;
        }
    } else {
        // Missing username or required e-mail: show the message and re-open the editor
        $retval .= COM_showMessageText($LANG28[10]);
        if (!empty($uid) && $uid > 1 && DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= edituser($uid);
        } else {
            $retval .= edituser();
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[1]));
        COM_output($retval);
        exit;
    }

    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving saveusers*****************", 1);
    }

    return $retval;
}
} elseif (isset($_GET[$provided])) { $action = $provided; } } switch ($action) { case 'banbutton_x': if (SEC_checkToken()) { $msg = SFS_banUsers(); $pageBody .= COM_showMessageText($msg) . SFS_adminList(); } else { COM_accessLog('User ' . $_USER['username'] . ' tried to ban users and failed CSRF checks.'); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } break; case 'delbutton_x': if (SEC_checkToken()) { $msg = SFS_delUsers(); $pageBody .= COM_showMessageText($msg) . SFS_adminList(); } else { COM_accessLog('User ' . $_USER['username'] . ' tried to del users and failed CSRF checks.'); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } break; default: $pageBody .= SFS_adminList(); break; } $display = COM_siteHeader('menu', $LANG_SFS['title']); $display .= $pageBody; $display .= COM_siteFooter(); echo $display;
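// Nothing to administer when the databox plugin is not enabled: answer 404 and stop
if (!in_array('databox', $_PLUGINS)) {
    COM_handle404();
    exit;
}

require_once $_CONF['path'] . 'plugins/databox/lib/ppNavbar.php';

$edt_flg = false;

// Permission check: only holders of 'databox.admin' may use this page.
// Everyone else gets a "no access" block, the attempt is logged, and the
// request ends here. (Written as a single negated test instead of an empty
// then-branch with the work in the else.)
if (!SEC_hasRights('databox.admin')) {
    $information = array();
    $information['pagetitle'] = $MESSAGE[30];

    $display = '';
    $display .= COM_startBlock($MESSAGE[30], '', COM_getBlockTemplate('_msg_block', 'header'));
    $display .= $MESSAGE[35];
    $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    COM_accessLog("User {$_USER['username']} tried to illegally access the databox administration screen.");
    $display = DATABOX_displaypage($pi_name, '_admin', $display, $information);
    COM_output($display);
    exit;
}

// Admin navigation bar: label (from the language file) => admin page URL
$adminurl = $_CONF['site_admin_url'] . '/plugins/' . THIS_PLUGIN . "/";
$navbarMenu = array();
$navbarMenu[$LANG_DATABOX_admin_menu['1']]  = $adminurl . 'information.php';
$navbarMenu[$LANG_DATABOX_admin_menu['2']]  = $adminurl . 'data.php';
$navbarMenu[$LANG_DATABOX_admin_menu['3']]  = $adminurl . 'field.php';
$navbarMenu[$LANG_DATABOX_admin_menu['31']] = $adminurl . 'fieldset.php';
$navbarMenu[$LANG_DATABOX_admin_menu['4']]  = $adminurl . 'category.php';
$navbarMenu[$LANG_DATABOX_admin_menu['5']]  = $adminurl . 'group.php';
$navbarMenu[$LANG_DATABOX_admin_menu['51']] = $adminurl . 'mst.php';
$navbarMenu[$LANG_DATABOX_admin_menu['6']]  = $adminurl . 'backuprestore.php';
//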
 * Geeklog common function library and Admin authentication
 */
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
require_once $_CONF['path_system'] . '/lib-admin.php';

// Nothing to administer when the plugin is not enabled: answer 404 and stop
if (!in_array('spamx', $_PLUGINS)) {
    COM_handle404();
    exit;
}

$display = '';

// Only let admin users access this page
if (!SEC_hasRights('spamx.admin')) {
    // Someone is trying to illegally access this page: render the denial,
    // log who (uid, username, peer address as seen by the web server) and
    // end the request
    $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
    $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
    COM_accessLog("Someone has tried to illegally access the Spam-X Admin page. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}", 1);
    COM_output($display);
    exit;
}

/**
 * Main
 */
$display = '';
$menu_arr = array(array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
$display = COM_startBlock($LANG_SX00['plugin_name'], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= ADMIN_createMenu($menu_arr, $LANG_SX00['adminc'], plugin_geticon_spamx());

// Collect the Spam-X admin module classes: every regular file in the plugin
// directory whose name ends in the 16-character suffix ".Admin.class.php".
// NOTE(review): the '@' hides the opendir() warning, so a missing or
// unreadable directory silently yields no modules. The loop body continues
// beyond this listing.
$files = array();
if ($dir = @opendir($_CONF['path'] . 'plugins/spamx/')) {
    while (($file = readdir($dir)) !== false) {
        if (is_file($_CONF['path'] . 'plugins/spamx/' . $file)) {
            if (substr($file, -16) === '.Admin.class.php') {
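/**
 * Delete a topic
 *
 * Verifies that the current user has delete (level 3) access to the topic,
 * then removes the topic together with everything that only existed because
 * of it: stories, story submissions and blocks assigned to no other topic.
 * Items that are also assigned elsewhere are kept; if this topic was their
 * default, one of the remaining topics becomes the default instead.
 *
 * @param  string $tid Topic ID. It is escaped here before being used in SQL.
 * @return void        Every path ends in COM_redirect(); no value is returned.
 */
function deleteTopic($tid)
{
    global $_CONF, $_TABLES, $_USER;

    // Escaped copy for every query that interpolates the id
    $safeTid = DB_escapeString($tid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$safeTid}'");
    $A = DB_fetchArray($result);

    // An unknown topic id must not reach the delete path below: the UPDATE
    // queries would still run and the "topic deleted" message would be shown
    if (empty($A)) {
        COM_accessLog("User {$_USER['username']} tried to delete non-existent topic {$tid}.");
        COM_redirect($_CONF['site_admin_url'] . '/topic.php');
    }

    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access < 3) {
        // COM_redirect() is relied on to end the request here, as in the
        // original code; nothing below runs for a denied user
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
        COM_redirect($_CONF['site_admin_url'] . '/topic.php');
    }

    // Re-parent any child topics to the root and un-hide them
    DB_query("UPDATE {$_TABLES['topics']} SET parent_id = '" . TOPIC_ROOT . "', hidden = 0 WHERE parent_id = '{$safeTid}'");
    // Feeds restricted to this topic fall back to "all topics" and are disabled
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$safeTid}'");

    // Tables holding items that can be assigned to topics, keyed by table
    // name: the item's id column and the type string used in topic_assignments.
    // Order matters only in that stories are processed before submissions
    // and blocks, as before.
    $objectTables = array(
        $_TABLES['stories']         => array('id' => 'sid', 'type' => 'article'),
        $_TABLES['storysubmission'] => array('id' => 'sid', 'type' => 'article'),
        $_TABLES['blocks']          => array('id' => 'bid', 'type' => 'block'),
    );

    foreach ($objectTables as $table => $info) {
        $idColumn  = $info['id'];
        $type      = $info['type'];
        $isArticle = ($type === 'article');

        // All items of this table that are assigned to the topic being deleted.
        // ta.id is compared against the item id cast to CHAR, so numeric block
        // ids are matched as strings rather than coercing every ta.id to a number.
        $sql = "SELECT {$idColumn}, ta.tdefault\n FROM {$table}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = '{$type}' AND ta.id = CAST({$idColumn} AS CHAR) AND ta.tid = '{$safeTid}'";
        $result = DB_query($sql);
        $numItems = DB_numRows($result);

        for ($i = 0; $i < $numItems; $i++) {
            $A = DB_fetchArray($result);
            $itemId = $A[$idColumn];
            $safeItemId = DB_escapeString($itemId);

            // Other topics this item is assigned to (same CAST as the query above,
            // which the original second query lacked)
            $sql = "SELECT {$idColumn}, ta.tid\n FROM {$table}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = '{$type}' AND ta.id = CAST({$idColumn} AS CHAR)\n AND ta.tid <> '{$safeTid}' AND {$idColumn} = '{$safeItemId}'";
            $resultB = DB_query($sql);
            $numTopics = DB_numRows($resultB);

            if ($numTopics == 0) {
                // This was the item's only topic: remove the item and, for
                // articles, the comments, trackbacks and images that belong to it
                if ($isArticle) {
                    STORY_deleteImages($A['sid']);
                    DB_delete($_TABLES['comments'], array('sid', 'type'), array($A['sid'], 'article'));
                    DB_delete($_TABLES['trackback'], array('sid', 'type'), array($A['sid'], 'article'));
                    if ($table == $_TABLES['stories']) {
                        // only published stories are reported to plugins, not submissions
                        PLG_itemDeleted($A['sid'], 'article');
                    }
                }
                DB_delete($table, $idColumn, $itemId);
            } elseif ($isArticle && (int) $A['tdefault'] === 1) {
                // The article survives under other topics; since this topic was
                // its default, promote the first remaining assignment instead
                $B = DB_fetchArray($resultB);
                $sql = "UPDATE {$_TABLES['topic_assignments']} SET tdefault = 1 WHERE type = 'article' AND tid = '" . DB_escapeString($B['tid']) . "' AND id = '" . DB_escapeString($B['sid']) . "'";
                DB_query($sql);
            }
        }
    }

    // Notify of the topic deletion so other plugins can deal with their items
    // that referenced it
    PLG_itemDeleted($tid, 'topic');

    DB_delete($_TABLES['topic_assignments'], 'tid', $tid);
    DB_delete($_TABLES['topics'], 'tid', $tid);

    // Reorder topics, delete the topic cache and reload the topic tree
    reorderTopics();

    // Articles may have been removed, so the feeds may need regenerating
    COM_rdfUpToDateCheck('article');

    COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=14');
}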
case 'english':
case 'english_utf-8':
default:
    $_LANG_UPDATE = array(
        'title' => 'Downloads Plugin Update',
        'submit' => $LANG_ACCESS['submit'],
        'cancel' => $LANG_ACCESS['cancel'],
        'description1' => 'Downloads plugin is already up to date. There is no need to update.',
        'description2' => 'Click the Submit button to start the process. (You cannot undo.)',
        'description_001' => '#001: Respond to the new Configuration UI has been introduced with Geeklog version 1.8.0.',
        'dm_not_installed' => 'Downloads Plugin are not installed or disabled.',
        'db_error' => 'During a database access error occurred: ',
        'process_canceled' => 'Update process %s was canceled.',
        'process_interrupted' => 'Update process %s was interrupted.',
        'process_completed' => 'Update process %s was completed successfully!',
    );
    break;
}

// The updater has nothing to do when the plugin it updates is not enabled
if (!in_array('downloads', $_PLUGINS)) {
    $display = COM_showMessageText($_LANG_UPDATE['dm_not_installed'], $MESSAGE[40]);
    $display = DLM_createHTMLDocument($display, array('menu' => $MESSAGE[40]));
    COM_output($display);
    exit;
}

// Only users holding the plugin's edit right may run the update; anyone
// else gets the "access denied" page and an access-log entry
if (!SEC_hasRights('downloads.edit')) {
    $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
    $display = DLM_createHTMLDocument($display, array('menu' => $MESSAGE[30]));
    COM_accessLog("User {$_USER['username']} tried to illegally access " . "the downloads administration screen.");
    COM_output($display);
    exit;
}

/**
 * Check whether update step #001 is still pending
 *
 * On Geeklog 1.8.0 or later, looks for 'tab' rows of the 'downloads' group
 * in the conf_values table. When there are none, the plugin's configuration
 * has not yet been brought over to the Configuration UI (see 'description_001').
 *
 * @return string  Description of step #001 when it is pending, '' otherwise
 */
function DLM_check_001()
{
    global $_CONF, $_TABLES, $_LANG_UPDATE;

    $retval = '';

    // Older Geeklog versions have no Configuration UI tabs to look for
    if (version_compare(VERSION, '1.8.0') >= 0) {
        $n = DB_getItem($_TABLES['conf_values'], 'COUNT(name)', "group_name = 'downloads' AND type = 'tab'");
        if ($n == 0) {
            $retval .= $_LANG_UPDATE['description_001'];
        }
    }

    return $retval;
}
$mode = "save";
} else {
    if ($mode == $LANG_ADMIN['delete'] && !empty($LANG_ADMIN['delete'])) {
        $mode = "delete";
    }
}
if ($action == $LANG_ADMIN['cancel']) {
    // cancel
    $mode = "";
}
//echo "mode=".$mode."<br>";

// The modes listed in the (empty) if-branch skip the CSRF token check
// (presumably because they only render a page); every other mode must
// carry a valid token. A failed check is logged and the user is sent
// back to the admin index before any write action runs.
if ($mode == "" or $mode == "edit" or $mode == "new" or $mode == "export" or $mode == "sampleimport" or $mode == "copy") {
} else {
    if (!SEC_checkToken()) {
        // if (SEC_checkToken()){ // for testing
        COM_accessLog("User {$_USER['username']} tried to illegally and failed CSRF checks.");
        echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
        exit;
    }
}

// Export and sample import run only after the token check above has passed
if ($mode == "exportexec") {
    LIB_export($pi_name);
    exit;
}
if ($mode == "sampleimportexec") {
    LIB_sampleimport($pi_name);
}

// $menuno = 51;
$display = '';
$information = array();
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
require_once '../../../lib-common.php';

// Only users holding the plugin's edit right may use this page; anyone else
// gets the "access denied" block, an access-log entry, and nothing more
if (!SEC_hasRights('japanize.edit')) {
    $content = COM_startBlock($MESSAGE[30], '', COM_getBlockTemplate('_msg_block', 'header'))
        . $MESSAGE[35]
        . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    // is_callable() guards against Geeklog versions that have no
    // COM_createHTMLDocument(); those get the older header/footer pair
    $display = is_callable('COM_createHTMLDocument')
        ? COM_createHTMLDocument($content)
        : COM_siteHeader() . $content . COM_siteFooter();
    COM_accessLog('User ' . $_USER['username'] . ' tried to illegally access the japanize administration screen.');
    echo $display;
    exit;
}

// +---------------------------------------------------------------------------+
// | MAIN                                                                      |
// +---------------------------------------------------------------------------+

// Gets the current state of Japanization from the 'japanize_plugin' row of
// the vars table, or 0 when that row does not exist yet
// (the value looks like a bit mask, given $A = 63 below -- not verified here)
if (DB_getItem($_TABLES['vars'], 'COUNT(*)', "name='japanize_plugin'") == 1) {
    $current = (int) DB_getItem($_TABLES['vars'], 'value', "name='japanize_plugin'");
} else {
    $current = 0;
}

$needChange = false;

// "Japanize all" button: the posted value must equal the localized label
// exactly, so a request carrying any other value is ignored
if (isset($_POST['japanize_all']) && $_POST['japanize_all'] === JAPANIZE_str('japanize_all')) {
    $A = 63;