コード例 #1
    define('CCMS_PERFORM_MINIMAL_INIT', true);
}
// Define default location
// When BASE_PATH is not already defined, it is derived from this file's own path
// (five directory levels up) with backslashes normalised to forward slashes.
if (!defined('BASE_PATH')) {
    $base = str_replace('\\', '/', dirname(dirname(dirname(dirname(dirname(__FILE__))))));
    define('BASE_PATH', $base);
}
// Include general configuration
/*MARKER*/
require_once BASE_PATH . '/lib/sitemap.php';
// Set default variables
// Request parameters, read through the project's getGETparam4* helpers (defined outside
// this excerpt).
// NOTE(review): 'msg' is presumably echoed into the page further down; confirm that
// getGETparam4DisplayHTML() HTML-encodes it, otherwise it is a reflected-XSS sink.
$do = getGETparam4IdOrNumber('do');
$status = getGETparam4IdOrNumber('status');
$status_message = getGETparam4DisplayHTML('msg');
// Open recordset for specified user
// The ID reaches the query only after MySQL::SQLValue() has typed it as SQLVALUE_NUMBER.
// Both failure paths (no matching row, ID not > 0) report the same error_general text.
// NOTE(review): this lookup runs before the checkAuth() gate that follows in this file,
// so access control for it rests on whatever sitemap.php enforces; confirm.
$userID = getGETparam4Number('userID');
if ($userID > 0) {
    $row = $db->SelectSingleRow($cfg['db_prefix'] . 'users', array('userID' => MySQL::SQLValue($userID, MySQL::SQLVALUE_NUMBER)));
    if (!$row) {
        $db->Kill($ccms['lang']['system']['error_general']);
    }
} else {
    die($ccms['lang']['system']['error_general']);
}
if (isset($_SESSION['rc1']) && !empty($_SESSION['rc2']) && checkAuth()) {
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
	<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
	<title>Edit users</title>
コード例 #2
/* make darn sure only authenticated users can get past this point in the code */
// Fail closed: an empty session user ID, an empty session user name, or a failed
// checkAuth() all take the failure branch.
if (empty($_SESSION['ccms_userID']) || empty($_SESSION['ccms_userName']) || !checkAuth()) {
    // This situation should already have been caught inside sitemap.php --> security.inc.php
    // above; the check is repeated here as defence in depth.
    // NOTE(review): by its name the helper is expected to end the request; confirm, and
    // confirm it records __FILE__/__LINE__ server-side rather than echoing the path to the client.
    die_with_forged_failure_msg(__FILE__, __LINE__);
    // $ccms['lang']['auth']['featnotallowed']
}
// Prevent PHP warning by setting default (null) values
// The requested action; it is compared against fixed action names further down.
$do_action = getGETparam4IdOrNumber('action');
/**
 *
 * Generate the WYSIWYG or code editor for editing purposes (prev. editor.php)
 *
 */
if ($do_action == 'edit' && $_SERVER['REQUEST_METHOD'] == 'GET' && checkAuth()) {
    // Set the necessary variables
    $page_id = getGETparam4Number('page_id');
    $row = $db->SelectSingleRow($cfg['db_prefix'] . 'pages', array('page_id' => MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER)));
    if (!$row) {
        $db->Kill();
    }
    $owner = explode('||', strval($row->user_ids));
    if ($perm->is_level_okay('managePageEditing', $_SESSION['ccms_userLevel']) && ($row->iscoding != 'Y' || $perm->is_level_okay('managePageCoding', $_SESSION['ccms_userLevel'])) && (!in_array($row->urlpage, $cfg['restrict']) || in_array($_SESSION['ccms_userID'], $owner))) {
        $iscoding = $row->iscoding;
        $active = $row->published;
        $name = $row->urlpage;
        $filename = BASE_PATH . '/content/' . $name . '.php';
        if (0) {
            // Check for editor.css in template directory
            $template = $row->variant;
        }
        // Check for filename
コード例 #3
  * This produces the following query as a result:
  *
  *   SELECT COUNT(commentID) FROM ccms_modcomment WHERE pageID = 'xyz'
  *
  * NOTE that this type of usage assumes the 'raw string' has been correctly
  * processed by the caller, i.e. all SQL injection attack prevention precautions
  * have been taken. (Well, /hardcoding/ it like this is the safest possible
  * thing right there, so no worries, mate! ;-) )
  */
 // Count the comments for this page. The page ID is typed as SQLVALUE_NUMBER by
 // MySQL::SQLValue(); the 'COUNT(commentID)' column expression is a hard-coded literal.
 // NOTE(review): the example query in the comment above shows pageID = 'xyz', while this
 // call filters on page_id as a number; confirm which one is current.
 $total = $db->SelectSingleValue($cfg['db_prefix'] . 'modcomment', array('page_id' => MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER)), 'COUNT(commentID)');
 if ($db->ErrorNumber()) {
     $db->Kill();
 }
 // Requested row offset: the 'offset' request parameter times the page size $max.
 $limit = getGETparam4Number('offset') * $max;
 // feature: if a comment 'bookmark' was specified, jump to the matching 'page'...
 $commentID = getGETparam4Number('commentID');
 if ($commentID > 0) {
     // Round (commentID - 1) down to a multiple of $max.
     // NOTE(review): this uses the comment ID as if it were a row position; confirm.
     // $max is set outside this excerpt and must be non-zero for the modulo below.
     $limit = $commentID - 1;
     $limit -= $limit % $max;
 }
 // Clamp the request-derived offset into 0 .. $total - 1 (and to 0 when there are no rows),
 // so an out-of-range 'offset' or 'commentID' cannot yield a negative or past-the-end start.
 if ($limit >= $total) {
     $limit = $total - 1;
 }
 if ($limit < 0) {
     $limit = 0;
 }
 // Back to a whole page index, then build the "start,count" pair.
 // NOTE(review): presumably spliced into a LIMIT clause later; $offset is an int from
 // intval(), but confirm $max is an integer from configuration, not request input.
 $offset = intval($limit / $max);
 $limit4sql = $offset * $max . ',' . $max;
 // Set front-end language
 SetUpLanguageAndLocale($rsLoc);
 // Load recordset
コード例 #4
ファイル: news.Write.php プロジェクト: GerHobbelt/CompactCMS
}
// Define default location
// When BASE_PATH is not already defined, it is derived from this file's own path
// (four directory levels up) with backslashes normalised to forward slashes.
if (!defined('BASE_PATH')) {
    $base = str_replace('\\', '/', dirname(dirname(dirname(dirname(__FILE__)))));
    define('BASE_PATH', $base);
}
// Include general configuration
/*MARKER*/
require_once BASE_PATH . '/admin/includes/security.inc.php';
// when session expires or is overridden, the login page won't show if we don't include this one, but a cryptic error will be printed.
// Stops with a fixed message when either editor language setting is empty.
if (empty($cfg['MT_FileManager_language']) || empty($cfg['tinymce_language'])) {
    die("INTERNAL LANGUAGE INIT ERROR!");
}
// Request parameters, read through the project's getGETparam4* helpers (defined outside
// this excerpt). They are read before the access check below but only used after it.
$do = getGETparam4IdOrNumber('do');
// Open recordset for specified user
$newsID = getGETparam4Number('newsID');
$page_id = getGETparam4IdOrNumber('page_id');
// Access gate: requires both a passing checkAuth() and the 'manageModNews' permission for
// the session's user level; anything else ends the request.
if (!(checkAuth() && $perm->is_level_okay('manageModNews', $_SESSION['ccms_userLevel']))) {
    die("No external access to file");
}
// A missing page_id is treated as a forged request.
// NOTE(review): the message sent to the client includes __FILE__, i.e. the server's
// filesystem path; consider logging file/line server-side and returning only the generic text.
if (!$page_id) {
    die($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')');
}
// Load the news item joined with its author. The statement is built by concatenation:
// both request values pass through MySQL::SQLValue(..., SQLVALUE_NUMBER) and the table
// prefix comes from $cfg.
// NOTE(review): page_id was read with the IdOrNumber filter but is bound as a number, so
// the query's safety rests on SQLValue()'s numeric coercion; confirm.
// NOTE(review): SELECT * over the users join loads every users column into $news,
// presumably including credential fields; confirm and select only the columns needed.
if ($newsID && $page_id) {
    $news = $db->QuerySingleRow("SELECT * FROM `" . $cfg['db_prefix'] . "modnews` m LEFT JOIN `" . $cfg['db_prefix'] . "users` u ON m.userID = u.userID WHERE newsID = " . MySQL::SQLValue($newsID, MySQL::SQLVALUE_NUMBER) . " AND page_id = " . MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER));
    if (!$news) {
        $db->Kill();
    }
}
// Identifiers for the teaser and article text areas: a fixed prefix plus page_id, with
// '_' and newsID appended when a news ID was given, all passed through str2variablename().
$textarea4teaser_id = str2variablename('newstease_' . $page_id . (!empty($newsID) ? '_' . $newsID : ''));
$textarea4article_id = str2variablename('newsarticle_' . $page_id . (!empty($newsID) ? '_' . $newsID : ''));