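<?php
/**
 * Builds one "groupItem" <div> per extension, in the order returned by
 * get_exts_order(), and echoes the resulting HTML fragment.
 *
 * NOTE(review): no session or role check is visible in this script; confirm
 * that config.php (or whatever page requests this fragment) restricts access
 * if the list of installed extensions should not be public.
 */

// load base functions
require_once '../../../config.php';

// prioritized sections, iterated below as directory name => priority
$prioritized = get_exts_order();
// sections that are currently available
$exts = ext_available();

$div = "";
foreach ($prioritized as $dirname => $priority) {
    // skip deleted sections (their rows are deliberately left in the DB)
    if (!in_array($dirname, $exts)) {
        continue;
    }

    // The directory name is stored data that ends up inside an HTML attribute,
    // so encode it for that context instead of trusting its content. The cast
    // is needed because PHP turns numeric-looking array keys into integers.
    $id = htmlspecialchars((string) $dirname, ENT_QUOTES, 'UTF-8');

    $div .= '<div id="' . $id . '" class="groupItem">';
    // NOTE(review): filename_to_str() output is emitted as-is; confirm it
    // returns HTML-safe text.
    $div .= ' <div class="itemHeader">' . filename_to_str($dirname) . '</div>';
    $div .= '</div>';
}

echo $div;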
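<?php
/**
 * Saves or resets the extension ordering.
 *
 * With ?reset, every available extension gets priority 0. With ?sort[]=dir,
 * each listed extension gets its array position + 1 as priority. Only the
 * root user gets past the is_root() check.
 *
 * NOTE(review): both actions change state on a GET request and no anti-CSRF
 * token check is visible here; confirm one is enforced elsewhere, or move
 * these actions to POST with a token.
 */
session_start();
require '../../../config.php';

// check root user
if (!is_root()) {
    exit;
}

// Stays false when a loop below performs no update, so the confirmation
// message is never driven by an undefined variable.
$success = false;

if (isset($_GET['reset'])) {
    foreach (ext_available() as $dir) {
        $success = db_update(TBL_PREFIX . TBL_EXTS, "priority = '0'", "dir = '" . $dir . "'");
    }
    if ($success) {
        echo '<p class="warning">Reset!</p>';
    }
} elseif (isset($_GET['sort']) && is_array($_GET['sort'])) {
    // db_update() receives its WHERE clause as SQL text, so request data must
    // never reach it unchecked: only directory names that ext_available()
    // reports are accepted, and the priority is forced to an integer.
    $available = ext_available();

    foreach ($_GET['sort'] as $priority => $ext) {
        if (!is_string($ext) || !in_array($ext, $available, true)) {
            continue;
        }
        $rank = (int) $priority + 1;
        // As in the original, $success reflects the last update performed.
        $success = db_update(TBL_PREFIX . TBL_EXTS, "priority = '" . $rank . "'", "dir = '" . $ext . "'");
    }
    if ($success) {
        echo '<p class="success">Saved!</p>';
    }
}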
// Excerpt: these statements sit inside a block opened earlier in the file
// (see the unmatched closing brace further down); $prioritized and
// $_displayType are defined before this excerpt.

// Register extensions that the session lists as allowed but that have no
// priority entry yet: flip the allowed list so directory names become keys,
// then keep the keys that $prioritized lacks.
$newext = array_flip($_SESSION['allowed']);
$diff = array_diff_key($newext, $prioritized);
$warn = false;
// NOTE(review): this compares an array with an integer. PHP treats an array
// as greater than any integer, so the condition also holds when $diff is
// empty (the loop then simply does not run). count($diff) > 0 was probably
// intended.
if ($diff > 1) {
    foreach ($diff as $dir => $priority) {
        // "admin" is never stored as a sortable extension
        if ($dir != "admin") {
            // NOTE(review): the values are concatenated into SQL text. $dir
            // comes from $_SESSION['allowed']; confirm that db_insert()
            // escapes its input or that the list can only hold trusted
            // directory names.
            // NOTE(review): $prioritized is not updated inside the loop, so
            // every new row receives the same max + 1 priority; max() also
            // fails on an empty array under PHP 8 if $prioritized can be empty.
            db_insert(TBL_PREFIX . TBL_EXTS, "dir,priority", "'" . $dir . "', '" . (max($prioritized) + 1) . "'");
            $warn = true;
        }
    }
    // ask for a reload only when at least one row was inserted
    if ($warn) {
        echo display_text($_displayType["WARNING"], 'New extensions have been installed. Please reload this page.');
    }
}
// should a previously installed extension be removed from the DB?
$installed = ext_available();
foreach ($prioritized as $dir => $priority) {
    // delete the rows of extensions that ext_available() no longer reports
    if (!in_array($dir, $installed)) {
        db_delete(TBL_PREFIX . TBL_EXTS, "dir = '" . $dir . "'");
    }
}
// closes a block opened before this excerpt
}
// display header title
echo '<h1>Admin panel</h1>';
/* now check for new releases; servers in safe_mode or with open_basedir set will throw a CURL_FOLLOW_LOCATION error */
echo check_smt_releases();
/* connection settings ------------------------------------------------------ */
// NOTE(review): this turns PHP error reporting off for the rest of the
// request, so failures in the checks that follow are not reported; consider
// keeping errors logged while hiding them from the page.
error_reporting(0);
// check if (smt) is installed properly
<?php
// Roles administration page: loads the configuration, enforces the login
// check, then prepares the data that table_row() renders for each role.

// server settings are required - relative path to smt2 root dir
require '../../../config.php';
// protect extension from being browsed by anyone
require SYS_DIR . 'logincheck.php';
// now you have access to all CMS API
include INC_DIR . 'header.php';
// retrieve extensions
$MODULES = ext_available();
// get all roles
$ROLES = db_select_all(TBL_PREFIX . TBL_ROLES, "*", "1");
// query DB once
$ROOT = is_root();
// helper function
/**
 * Builds the HTML table row for one role, wrapped in its own form that posts
 * to saveroles.php.
 *
 * @param array $role Role record; the visible code reads 'id', 'name' and
 *                    'ext_allowed' (a comma-separated list).
 * @param bool  $new  When true, a text input for a new role name is rendered
 *                    instead of the existing name.
 *
 * The function body continues past the end of this excerpt.
 */
function table_row($role, $new = false)
{
    // the module list and root flag are computed once at file level
    global $MODULES, $ROOT;
    // true when this row describes the role of the logged-in user
    $self = $role['id'] == $_SESSION['role_id'];
    // wrap the table row in a form, so each role can be edited separately
    // NOTE(review): no anti-CSRF field is visible in the part of the form
    // shown here; confirm that one is added further down or that
    // saveroles.php verifies the request origin.
    $row = '<form action="saveroles.php" method="post">';
    $row .= '<tr>';
    $row .= ' <td>';
    // NOTE(review): $role['name'] is stored data (it can be typed into the
    // "name" input below) and is written into the page without HTML encoding;
    // unless saveroles.php sanitises it, wrap it in htmlspecialchars().
    $row .= !$new ? '<strong>' . $role['name'] . '</strong>' : '<input type="text" class="text center" id="newrole" name="name" value="type role name" size="15" maxlength="100" />';
    $row .= ' </td>';
    // extensions this role may access
    $allowed = explode(",", $role['ext_allowed']);
    // check available extensions
    foreach ($MODULES as $module) {
        // disable admin roles (they have wide access)
        // && binds tighter than ||, so this reads as:
        //   $self || ($role['id'] == 1 && !$new)
        // NOTE(review): a disabled attribute restricts the browser only; the
        // same rule has to be enforced by saveroles.php.
        $disabled = $self || $role['id'] == 1 && !$new ? ' disabled="disabled"' : null;
        // look for registered users' roles
// Login gate: resolves the current login, loads its role and allowed
// extensions into the session, and redirects when the user is not logged in
// or may not open the current extension.

// NOTE(review): the login name is copied straight from a client-supplied
// cookie and then used as the authenticated identity. No signature or
// server-side token check is visible here; confirm that the cookie is bound
// to a server-held secret before it is trusted.
if (isset($_COOKIE['smt-login'])) {
    $_SESSION['login'] = $_COOKIE['smt-login'];
}
if (empty($_SESSION['login'])) {
    // redirect to root dir, where user authentication will prompt
    $_SESSION['error'] = "NOT_LOGGED";
    // the current URL is url-encoded before it goes into the redirect parameter
    header("Location: " . ABS_PATH . "?redirect=" . urlencode(url_get_current(true)));
    exit;
} else {
    // check current session login
    // NOTE(review): part of the WHERE argument on the next line is masked in
    // this copy (the ****** run); presumably it concatenates
    // $_SESSION['login'] into the SQL text. Since that value can come from
    // the cookie above, confirm it is escaped or bound as a parameter.
    $user = db_select(TBL_PREFIX . TBL_USERS, "role_id", "login='******'login'] . "'");
    // NOTE(review): nothing checks that a user row was found before
    // $user['role_id'] is used here and below.
    $role = db_select(TBL_PREFIX . TBL_ROLES, "ext_allowed", "id='" . $user['role_id'] . "'");
    // save session
    $_SESSION['role_id'] = (int) $user['role_id'];
    $_SESSION['allowed'] = explode(",", $role['ext_allowed']);
    // root user has wide access
    if ($_SESSION['role_id'] === 1) {
        $_SESSION['allowed'] = ext_available();
    }
    // always make the dashboard available!
    // NOTE(review): "admin" is appended unconditionally. Presumably a login
    // that matches no user row leaves role_id at 0 and still ends up with
    // "admin" in the list; confirm, and reject unknown logins explicitly.
    array_push($_SESSION['allowed'], "admin");
    // loose comparison: in_array() is called without the strict flag
    if (!in_array(ext_name(), $_SESSION['allowed'])) {
        // redirect to admin dir
        $_SESSION['error'] = "NOT_ALLOWED";
        header("Location: " . ADMIN_PATH);
        exit;
    } else {
        // update status
        // NOTE(review): the WHERE argument is masked here in the same way as
        // in the db_select() call above; the same escaping concern applies.
        db_update(TBL_PREFIX . TBL_USERS, "last_access = NOW()", "login = '******'login'] . "'");
    }
}