<?php
$log = "User " . $oUser->getFullName() . " (" . $oUser->getLogin() . ", " . $oUser->getID() . ") logging off... ";
if (!$oUserManager->checkUser($fusebox['defaultUser'])) {
$tmpoUser = new User(0, $fusebox['defaultUser']);
$tmpoUser->setRegisteredDate();
if ($oUserManager->addUser($tmpoUser)) {
if (!($tmpoUser = $oUserManager->getUser($fusebox['defaultUser']))) {
_throw("FStillNoDefaultUser", "No default user found... again! DB corrupted ?");
}
} else {
_throw("FCannotAddDefaultUser", "Cannot add default user");
}
}
if ($userlogged = $oUserManager->logoutUser()) {
$oUser = $userlogged;
// setting unique name for visitor to track activity
$oUser->setFirstName(strtoupper($oUser->getLogin()));
$oUser->setMiddleName(chr(rand(65, 90)));
$oUser->setLastName(rand(0, 9999999));
$oUser->setUserAgent($_SERVER['HTTP_USER_AGENT']);
$oUser->setCurrentVisitIP($_SERVER['REMOTE_ADDR']);
$oUser->setCurrentVisitMoment(date('Y-m-d H:i:s'));
$log .= "success!";
} else {
_error("ENoDefaultUser", "No default user found");
$log .= "failed.";
}
_xfa($myself . $fusebox['defaultFuseaction']);
_log($log);
_log("After logoff user became " . $oUser->getFullName() . " (" . $oUser->getLogin() . ", " . $oUser->getID() . ")");
<?php
if (!empty($attributes['id'])) {
if (is_numeric($attributes['id'])) {
if ($oSecurityManager->checkGroupByID($attributes['id'])) {
if ($oSecurityManager->removeGroupsByID($attributes['id'])) {
_message("MGroupRemoved", "Group removed");
}
} else {
_warning("WNoSuchGroup", "No such group found");
}
} elseif (is_array($attributes['id'])) {
if ($oSecurityManager->removeGroupsByID($attributes['id'])) {
_message("MGroupsRemoved", "Groups removed");
}
} else {
_error("EInvalidGroupID", "Invalid group ID");
}
} else {
_error("ENoGroupGiven", "No security group is given to delete");
}
_xfa($myself . "admin.showGroups");
<?php
if (empty($attributes['id']) && empty($attributes['key'])) {
_error("ENoFuseactionGiven", "No page or action is given");
} else {
$tmpFuseaction = false;
if (isset($attributes['id']) && intval($attributes['id']) > 0) {
$tmpFuseaction = $oFuseManager->getFuseactionByID(intval($attributes['id']));
} elseif (isset($attributes['key'])) {
$tmpFuseaction = $oFuseManager->getFuseaction($attributes['key']);
} else {
_error("ENoValidFuseactionGiven", "No valid page or action is given");
}
if (!$tmpFuseaction) {
_error("ENoFuseactionFound", "No such page or action found in DB");
} else {
$tmpFuseaction->setResponsibility($attributes['fResponsibility']);
if ($oFuseManager->setFuseaction($tmpFuseaction->getName(), $tmpFuseaction)) {
_message("MFuseactionStored", "Page/action responsibilities stored successfully");
} else {
_warning("WFuseactionNotStored", "Page/action responsibilities not saved");
}
}
}
if (!_gotxfa()) {
_xfa($myself . "admin.showFuseaction&id={$attributes['id']}");
}
<?php
if (!empty($attributes['fCode']) && isset($attributes['fName'])) {
if (!$oPropertyManager->setProperty($attributes['fCode'], array('code' => $attributes['fCode'], 'name' => $attributes['fName']))) {
_warning("WPropertyNotSaved", "Something happened when storing property, probably property with such code already exists");
} else {
_message("MPropertySaved", "Property was sucessfully saved");
}
} else {
_error("EWrongFormSubmitted", "Wrong form submitted, or else...");
}
_xfa($myself . "admin.showProperties");
}
} else {
_warning("WCaptchaStringUnknown", "Secret user string is unknown");
}
if (!_gotWarnings() && !_gotErrors()) {
$tmpUser->setRegisteredDate();
if ($newuserid = $oUserManager->addUser($tmpUser)) {
$tmparrRegistrantGroups = explode(",", $fusebox['defaultRegistrantGroups']);
$tmparrRegistrantGroups2 = array();
if (count($tmparrRegistrantGroups) > 0) {
foreach ($tmparrRegistrantGroups as $g) {
$tmparrRegistrantGroups2[] = $oSecurityManager->getGroup($g);
}
}
if ($oSecurityManager->pushUserGroups($newuserid, $tmparrRegistrantGroups2)) {
_message("MUserAdded", "User successfully added");
} else {
_warning("WGroupNotSetForNewUser", "Cannot set default security group for new user " . $tmpUser->getLogin());
}
} else {
_warning("WUserNotAdded", "User wasn't added");
}
}
}
}
} else {
_error("EInvalidForm", "Invalid form submitted");
}
if (!_gotWarnings() && !_gotErrors()) {
_xfa("{$myself}home.showRegistrationConfirmation");
}
if (!isset($attributes['email']) || strlen($attributes['email']) == 0) {
_warning("WEmptyEmail", $oContentManager->getTitle("WEmptyEmail", "Please enter your email"));
} else {
if (preg_match("/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/", $attributes['email']) == 0) {
_warning("WInvalidEmail", $oContentManager->getTitle("WInvalidEmail", "Please enter valid email"));
} else {
if ($_SESSION['SecretUserString'] != $attributes['captcha']) {
_warning("WInvalidCaptcha", $oContentManager->getTitle("WInvalidCaptcha", "Security string is not correct"));
} else {
$replaceFrom = array("{TEXT}");
$replaceTo = array($attributes['text']);
$subject = str_replace($replaceFrom, $replaceTo, $ogMailTemplatesManager->getTitle("ContactUs", "Message from site visitor"));
$body = str_replace($replaceFrom, $replaceTo, $ogMailTemplatesManager->getContent("ContactUs", "{TEXT}"));
$oPHPMailer = new PHPMailer();
$oPHPMailer->IsHTML(true);
$oPHPMailer->From = stripslashes($attributes['email']);
$oPHPMailer->FromName = stripslashes($attributes['name']);
$oPHPMailer->CharSet = $oLanguage->getEncoding();
$oPHPMailer->AddAddress($oSettingsManager->getValue("ContactUsEmail", 'postmaster@' . $_SERVER['HTTP_HOST'], "STRING", "Contact Us email address"));
$oPHPMailer->Subject = stripslashes($subject);
$oPHPMailer->Body = stripslashes($body);
$oPHPMailer->Send();
unset($oPHPMailer);
_message("MContactUsMessageSent", "Message sent");
}
}
}
}
if (!_gotWarnings() && !_gotErrors()) {
_xfa("{$myself}home.showContactForm");
}
<?php
if (isset($attributes['fCode']) && isset($attributes['fXCode']) && isset($attributes['fName']) && isset($attributes['fPos'])) {
if (strlen($attributes['fCode']) > 0) {
if (isset($attributes['entryid'])) {
if (!$oPropertyManager->setDictionaryEntryByID($attributes['entryid'], array('code' => $attributes['fCode'], 'xcode' => $attributes['fXCode'], 'name' => $attributes['fName'], 'pos' => $attributes['fPos']))) {
_warning("WPropertyDictionaryEntryNotStored", "Something happened while saving property dictionary entry to DB, probably another entry exists with same code or no entry with such ID (already) exists");
} else {
_message("MPropertyDictionaryEntryStored", "Property dictionary entry successfully stored");
}
} elseif (isset($attributes['propertycode'])) {
if (!$oPropertyManager->addDictionaryEntry($attributes['propertycode'], array('code' => $attributes['fCode'], 'xcode' => $attributes['fXCode'], 'name' => $attributes['fName'], 'pos' => $attributes['fPos']))) {
_warning("WPropertyDictionaryEntryNotAdded", "Something happened while adding property dictionary entry to DB, probably entry with such code already exists");
} else {
_message("MPropertyDictionaryEntryAdded", "Property dictionary entry successfully added");
}
} else {
_error("ENoPropertyOrEntryFound", "No property or dictionary entry given");
}
} else {
_warning("WPropertyDictionaryEntryCodeCannotBeEmpty", "Property dictionary entry code cannot be empty");
}
} else {
_error("EWrongEntryFormSubmitted", "Invalid property dictionary form submitted");
}
_xfa($myself . "admin.showPropertyDictionary&code=" . $attributes['propertycode']);
$attributes['last_modified'] = date('Y-m-d');
}
if (strlen($attributes['change_freq']) == 0) {
_warning("MessageEmptyChangeFreq", $oContentManager->getCleanTitle("MessageEmptyChangeFreq"));
}
if (strlen($attributes['priority']) == 0) {
$attributes['priority'] = 0.5;
} else {
$attributes['priority'] = floatval($attributes['priority']);
}
if (!_gotWarnings() && !_gotErrors()) {
$newItem = array();
$newItem['url'] = $attributes['url'];
$newItem['last_modified'] = $attributes['last_modified'];
$newItem['change_freq'] = $attributes['change_freq'];
$newItem['priority'] = $attributes['priority'];
if ($attributes['id'] > 0) {
if ($oSitemap->updateItemByID($attributes['id'], $newItem)) {
_message("MSitemapItemUpdated", "Sitemap Item updated successfully");
} else {
_warning("WCannotUpdateSitemapItem", $oSitemap->getLastError());
}
} else {
if ($oSitemap->addItem($newItem)) {
_message("MSitemapItemAdded", "Sitemap Item added successfully");
} else {
_warning("WCannotAddSitemapItem", $oSitemap->getLastError());
}
}
_xfa($myself . "admin.showSitemap");
}
if (empty($attributes['id'])) {
_error("ENoFuseactionGiven", "No page or action is given");
} else {
$tmpFuseaction = false;
if (isset($attributes['id']) && intval($attributes['id']) > 0) {
$tmpFuseaction = $oFuseManager->getFuseactionByID(intval($attributes['id']));
} else {
_error("ENoValidFuseactionGiven", "No valid page or action is given");
}
if (!$tmpFuseaction) {
_error("ENoFuseactionFound", "No such page or action found in DB");
} else {
$arrLanguages = $oLanguageManager->getLanguages();
$arrTokens = $oGraphicsManager->pullTokens($tmpFuseaction->getID());
foreach ($arrTokens as $tmpToken) {
foreach ($arrLanguages as $tmpLanguage) {
$tmpFileName = $oGraphicsManager->pullTitle($tmpFuseaction->getID(), $tmpLanguage->getID(), $tmpToken['token']);
$tmpFilePath = $fusebox['pathGraphics'] . $tmpFileName;
if ($tmpFileName != '' && !strpos($tmpFileName, '/') && file_exists($tmpFilePath) && !is_dir($tmpFilePath)) {
@unlink($tmpFilePath);
}
}
}
if (!$oGraphicsManager->deleteFuseactionTokens($tmpFuseaction->getID())) {
_warning("WFuseactionGraphicsNotCleared", "Cannot clear page graphics. DB error.");
} else {
_message("MFuseactionGraphicsCleared", "Page graphics was removed successfully");
_xfa($myself . "admin.showGraphicsPages");
}
}
}
<?php
$itemID = isset($attributes['id']) ? intval($attributes['id']) : 0;
if ($itemID > 0) {
//check that document exists
$itemToDelete = $oSitemap->getItemByID($itemID);
if (empty($itemToDelete)) {
_warning("WSitemapItemNotFound", "Sitemap Item not found, probably already deleted");
} else {
if ($oSitemap->deleteItemByID($itemID)) {
_message("MSitemapItemDeleted", "Sitemap Item deleted successfully");
} else {
_warning("WCannotDeleteSitemapItem", "Cannot delete Sitemap Item, DB error");
}
_xfa("{$myself}admin.showSitemap");
}
} else {
_warning("WEmptySitemapItemID", "No Sitemap Item ID(s) specified");
}
<?php
foreach ($attributes as $key => $val) {
$tmpoUser = false;
$arrGroups = array();
if (strpos($key, "u_") !== false) {
if (is_array($val)) {
foreach ($val as $gid) {
$arrGroups[] = $oSecurityManager->getGroupByID($gid);
}
list($u, $id) = explode("_", $key);
if ($tmpoUser = $oUserManager->getUserByID($id)) {
$oSecurityManager->pushUserGroups($tmpoUser->getID(), $arrGroups);
}
}
}
}
_message("MUserGroupsStored", "User groups stored");
_xfa($myself . "admin.showUsers");
<?php
$result = true;
foreach ($attributes as $k => $a) {
if (strpos($k, "sq_") !== false) {
$arrID = explode("_", $k);
if (!$oSecurityManager->pushGroupAccessByID($arrID[1], $a)) {
$result = false;
}
}
}
if (!$result) {
_warning("WExceptionSavingSecurity", "Something happened while permissions update performed");
} else {
_message("MSecurityUpdated", "Permissions updated");
}
_xfa($myself . "admin.showFuseactions");
<?php
if (!empty($attributes['key'])) {
if ($oSettingsManager->removeSetting($attributes['key'])) {
_message("MSettingDeleted", "Setting deleted succsessfully");
_xfa($myself . "admin.showSettings");
} else {
_warning("WSettingNotDeleted", "Something happened when deleting a setting, probably setting with such key already deleted");
}
} else {
_error("ENoSettingGiven", "No setting key is given");
}
<?php
/*
* SECURITY FUSEBOX PLUGIN v.4B1
* (c) Rodion Bykov roddyb@yandex.ru 2005
* Created on Nov 14, 2005
* Last modified on Oct 27, 2006
*
* Please ask for written permission before redistribute or use this plugin in your project
* I give no warranty or support of any kind for this class, neither guarantee its suitability to any purpose
*/
if ($attributes['fuseaction'] == $fusebox['xfaLogin'] || $attributes['fuseaction'] == $fusebox['xfaLogout'] || $attributes['fuseaction'] == $fusebox['xfaAccessDenied'] || $attributes['fuseaction'] == $fusebox['xfaLoginForm']) {
$access = true;
} else {
$access = $oSecurityManager->getUserAccess($attributes['fuseaction']);
}
if (!$access) {
// saving location to go after successful login
_xfa($here, $fusebox['xfaLogin']);
// saving XFAs to session to pick up next time
$_SESSION['globalXFA'] = $XFA;
// moving to exit
Location($fusebox['urlBase'] . $myself . $fusebox['xfaAccessDenied'], 0);
// 0 means no PHPSESSID
}
_warning("WEmptyGroupCode", "Group code cannot be empty and may contain only letters and numbers, no spaces");
}
}
if (isset($attributes['fName'])) {
$tmpoGroup->setName($attributes['fName']);
}
if (isset($attributes['fDescription'])) {
$tmpoGroup->setDescription($attributes['fDescription']);
}
if (isset($attributes['fHomePage'])) {
$tmpoGroup->setHomePage($attributes['fHomePage']);
if (strlen($attributes['fHomePage']) && !$oFuseManager->getFuseaction($attributes['fHomePage'])) {
_warning("WInvalidHomePage", "Specified home page is not found");
}
}
if (!_gotWarnings() && !_gotErrors()) {
if (!empty($attributes['id'])) {
if (!$oSecurityManager->setGroupByID($attributes['id'], $tmpoGroup)) {
_error("ECannotSaveGroup", "Cannot save group \"" . $tmpoGroup->getName() . "\"");
} else {
_message("MGroupSaved", "Group saved successfully");
}
} else {
if (!$oSecurityManager->addGroup($tmpoGroup)) {
_error("ECannotAddGroup", "Cannot add group \"" . $tmpoGroup->getName() . "\"");
} else {
_message("MGroupAdded", "Group added successfully");
}
}
_xfa("{$myself}admin.showGroups");
}
<?php
if (empty($attributes['id'])) {
_error("ENoLanguageGiven", "No language given");
} else {
if ($oLanguageManager->removeLanguagesByID($attributes['id'])) {
_message("MLanguagesRemoved", "Languages removed successfully");
} else {
_warning("WLanguageNotRemoved", "Lanugage was not removed");
}
}
_xfa($myself . "admin.showLanguages");
<?php
if (empty($attributes['id'])) {
_error("ENoFuseactionGiven", "No page or action is given");
} else {
$tmpFuseaction = false;
if (isset($attributes['id']) && intval($attributes['id']) > 0) {
$tmpFuseaction = $oFuseManager->getFuseactionByID(intval($attributes['id']));
} else {
_error("ENoValidFuseactionGiven", "No valid page or action is given");
}
if (!$tmpFuseaction) {
_error("ENoFuseactionFound", "No such page or action found in DB");
} else {
if (!$oContentManager->deleteFuseactionTokens($tmpFuseaction->getID())) {
_warning("WFuseactionNotCleared", "Cannot clear page content. DB error.");
} else {
_message("MFuseactionCleared", "Page content was removed successfully");
_xfa($myself . "admin.showContentPages");
}
}
}
if (!_gotxfa()) {
}
if ($oUserManager->checkUser($attributes['fLogin'])) {
if ($userlogged = $oUserManager->loginUser($attributes['fLogin'], $attributes['fPwd'])) {
$arrUserGroups = $oSecurityManager->pullUserGroups($userlogged->getID());
$userXFA = $fusebox['defaultFuseaction'];
if ($arrUserGroups) {
$userlogged->setGroups($arrUserGroups);
if (!_gotxfa()) {
//find valid user's home page
foreach ($arrUserGroups as $tmpGroup) {
if ($tmpGroup->getHomePage() && $oFuseManager->getFuseaction($tmpGroup->getHomePage())) {
$userXFA = $tmpGroup->getHomePage();
}
}
}
}
_xfa($myself . $userXFA);
$oUser = $userlogged;
$log .= "'... success!";
} else {
_warning("WIncorrectPassword", "Password provided for login {$attributes['fLogin']} is incorrect");
$log .= "'... failed.";
}
_log($log);
} else {
_warning("WNoSuchUser", "There is no user {$attributes['fLogin']} registered with system");
}
} else {
_warning("WEmptyLoginCredentials", "Cannot log in with empty login or password");
}
if (!_gotErrors() && !_gotWarnings()) {
_log("After successful login user became " . $oUser->getFullName() . " (" . $oUser->getLogin() . ", " . $oUser->getID() . ")");
<?
if(!empty($attributes['token'])){
if(!$ogMailTemplatesManager->deleteToken(0, $attributes['token'])){
_error("ENoTokenFound", "Record not found, perhaps already deleted");
}
}else{
_error("ENoMailTemplateTokenGiven", "No mail template token is given");
}
if(!_gotErrors() && !_gotWarnings()){
_message("MMailTemplateDeleted", "Mail template deleted successfully");
_xfa($myself . "admin.showMailTemplates");
}
?>
<?php
if (empty($attributes['token']) && !empty($attributes['article'])) {
$attributes['token'] = $attributes['article'];
} else {
if (empty($attributes['article']) && !empty($attributes['token'])) {
$attributes['article'] = $attributes['token'];
}
}
if (!empty($attributes['token']) && !empty($attributes['fName']) && !empty($attributes['fComment'])) {
if (strlen($_SESSION['SecretUserString']) > 0) {
if (!empty($attributes['fHString'])) {
if ($_SESSION['SecretUserString'] != $attributes['fHString']) {
_warning("WCaptchaStringNotMatch", "Secret user string not match");
} else {
if ($ogArticleManager->storeComment($attributes['token'], $attributes['fName'], $attributes['fComment'])) {
_message("MCommentAdded", "Your comment is added");
_xfa($myself . "home.showArticleComments&article=" . $attributes['token']);
} else {
_warning("WErrorSavingComment", "Error happened while saving comment, please try again");
}
}
} else {
_warning("WCaptchaStringEmpty", "Secret user string is empty");
}
} else {
_warning("WCaptchaStringUnknown", "Secret user string is unknown");
}
} else {
_warning("WEnterComment", "Please enter your name and your comment");
}
<?php
if (!empty($attributes['node'])) {
if ($arrNode = $ogArticleTree->getNodeInfo($attributes['node'])) {
$sql = "DELETE FROM " . $fusebox['tableArticles'] . " WHERE id_token = " . $arrNode['data_id'];
if ($oDB->query($sql) && $ogArticleTree->removeNodes($attributes['node'])) {
_message("MArticleRemoved", "Article removed");
}
} else {
_error("EArticleNodeNotExists", "Article node not exists");
}
} else {
_error("ENoArticleNodeGiven", "No article node given");
}
_xfa($myself . "admin.showArticlesTree");
<?php
$tmpUser = false;
if (!empty($attributes['fLogin'])) {
if ($tmpUser = $oUserManager->getUser($attributes['fLogin'])) {
_log("Changing password for user " . $tmpUser->getLogin());
$strNewUserPassword = $oUserManager->resetPassword($tmpUser->getLogin());
} else {
_warning("WNoSuchUser", "No user with such login exists");
}
} else {
_error("EWrongFormSubmitted", "Wrong form submitted");
}
_xfa($myself . "home.showPasswordRecoverConfirmation");
<?php
if (isset($attributes['fuseactionid']) && is_numeric($attributes['fuseactionid'])) {
if (!empty($attributes['token'])) {
$arrLanguages = $oLanguageManager->getLanguages();
foreach ($arrLanguages as $l) {
$tmpFormFieldName = 'content_' . $l->getID();
if (isset($attributes[$tmpFormFieldName])) {
$strContent = html_entity_decode($attributes[$tmpFormFieldName], ENT_COMPAT, $l->getEncoding());
if ($strContent !== false) {
if (!$oSEOContentManager->pushContent($attributes['fuseactionid'], $l->getID(), $attributes['token'], $strContent)) {
_warning("WSEOContentNotStored", "Something happened while storing SEO content");
}
} else {
_warning("WSEOContentCannotBeConverted", "SEO content cannot be converted to " . $l->getEncoding());
}
}
}
} else {
_error("ENoSEOTokenGiven", "No SEO token is given");
}
} else {
_error("ENoFuseactionGiven", "No page is given");
}
_xfa($myself . "admin.showFuseactionSEOTokens&id=" . $attributes['fuseactionid']);
<?php
if (!empty($attributes['id'])) {
if (is_numeric($attributes['id'])) {
_log("Removing user with ID " . $attributes['id']);
if ($oSecurityManager->killUsersGroups($attributes['id']) && $oUserManager->removeUsersByID($attributes['id'])) {
_message("MUserRemoved", "User removed successfully");
} else {
_warning("WNoSuchUser", "No user with such ID found");
}
} elseif (is_array($attributes['id'])) {
_log("Removing users with IDs " . join(", ", $attributes['id']));
if ($oSecurityManager->killUsersGroups($attributes['id']) && $oUserManager->removeUsersByID($attributes['id'])) {
_message("MUsersRemoved", "Users removed successfully");
}
} else {
_error("EInvalidUserID", "Invalid user ID");
}
} else {
_error("ENoUserGiven", "No user given");
}
_xfa("{$myself}admin.showUsers");
