<?php
// for compatibility with older plugins, include functions that have been factored out of admin_functions.php
$libDir = pathinfo(__FILE__, PATHINFO_DIRNAME);
require_once "{$libDir}/login_functions.php";

// The two access gates below run at include time, before install/upgrade/registration.
// Both read their setting through `@`, so a missing key only evaluates falsy and the
// gate is skipped (fail-open) rather than raising an error.

// require HTTPS
// When the setting is on and the request is not HTTPS, stop and print a link to the
// https: form of the current page URL.
// NOTE(review): $httpsUrl is interpolated into an href attribute and into link text without
// HTML-encoding. Confirm thisPageUrl() returns an HTML-safe value; if it reflects the request
// URL verbatim, encode it before output.
if (@$SETTINGS['advanced']['requireHTTPS'] && !isHTTPS()) {
  $httpsUrl = preg_replace('/^http:/i', 'https:', thisPageUrl());
  die(sprintf(t("Secure HTTP login required: %s"), "<a href='{$httpsUrl}'>{$httpsUrl}</a>"));
}

// restrict IP access
// The denial message echoes $_SERVER['REMOTE_ADDR'].
// NOTE(review): isIpAllowed() is defined elsewhere; confirm which address it evaluates.
// An address taken from a forwarded-for style header is client-supplied unless a trusted
// proxy sets it.
if (@$SETTINGS['advanced']['restrictByIP'] && !isIpAllowed()) {
  die(sprintf(t("Access is not permitted from your IP address (%s)"), $_SERVER['REMOTE_ADDR']));
}

// install or upgrade if needed
installIfNeeded();
upgradeIfNeeded();

// register if needed
# NOTE: Disabling or modifying licensing or registration code violates your license agreement and is willful copyright infringement.
# NOTE: Copyright infringement can be very expensive: http://en.wikipedia.org/wiki/Statutory_damages_for_copyright_infringement
# NOTE: Please do not steal our software.
registerIfNeeded();

// set current user or show login menu
// Only the start of this function is visible here: it reads the requested action from
// $_REQUEST (notice suppressed when absent) and, for 'logoff', calls user_logoff() and exits.
function adminLoginMenu() {
  global $CURRENT_USER;

  // login menu actions
  $action = @$_REQUEST['action'];
  if ($action == 'logoff') {
    user_logoff();
    exit;
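}

// Build the array options for the HTML renderer to get the nice file numbering
$rendOptions = array(
    'numbers' => $options['HTML_TABLE_view_source_numbers'],
    'tabsize' => $options['HTML_TABLE_view_source_tabsize'],
);

// Finish parser object creation
$renderer = new Text_Highlighter_Renderer_Html($rendOptions);
$phpHighlighter = Text_Highlighter::factory('PHP');
$phpHighlighter->setRenderer($renderer);

// Read the requested path exactly once. The access check, the existence test and the
// read must all see the same string; otherwise the path that is validated can differ
// from the path that is opened (previously only the read was un-slashed).
$requestedFile = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';
// get_magic_quotes_gpc() no longer exists on current PHP versions, so only call it when present.
if ($requestedFile !== '' && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $requestedFile = stripslashes($requestedFile);
}

// The path is request-controlled and is written into the page before the access check
// runs, so every HTML use goes through an encoded copy.
$requestedFileHtml = htmlspecialchars($requestedFile, ENT_QUOTES, 'UTF-8');

// Now start output, header
$header = str_replace(
    '<title>PEAR::PHP_Debug</title>',
    '<title>PEAR::PHP_Debug::View_Source::' . $requestedFileHtml . '</title>',
    $options['HTML_TABLE_simple_header']
);
echo $header;
echo ' <link rel="stylesheet" type="text/css" media="screen" href="' . $view_source_options['CSS_ROOT'] . '/view_source.css" /> </head> <body> ';

// Security check
// NOTE(review): isPathAllowed() and isIpAllowed() are defined outside this block. Confirm that
// isPathAllowed() canonicalises the path (for example with realpath()) before comparing it to
// the allowed roots; this script prints the full contents of whatever file passes the check.
if (isPathAllowed($requestedFile) && isIpAllowed()) {
    // is_file() rather than file_exists(): a directory cannot be read as source.
    $fileContents = is_file($requestedFile) ? file_get_contents($requestedFile) : false;

    if ($fileContents !== false) {
        echo '<div> <span class="hl-title">' . $requestedFileHtml . ' </span> </div>';
        echo $phpHighlighter->highlight($fileContents);
    } else {
        echo '<h2>File does not exists</h2>';
    }
} else {
    echo '<h1>Sorry, your are not allowed to access this path</h1>';
}

// Footer
echo $options['HTML_TABLE_simple_footer'];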
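/**
 * Validate the submitted admin settings form and, if no alert was raised, copy the
 * submitted values over the matching keys of $SETTINGS and save them.
 *
 * Flow, as visible in this function:
 *  1. clear earlier alerts, then run the POST / referer / CSRF-token gates and the demo-mode gate;
 *  2. handle a changed license product id (written to $SETTINGS and passed through register()
 *     before the remaining fields are validated);
 *  3. validate individual fields, collecting problems through alert();
 *  4. on any alert, re-show admin/general.php and exit without saving;
 *  5. otherwise overwrite existing top-level and subsection keys from the request and save.
 *
 * NOTE(review): fields are read from $_REQUEST, which can also carry query-string values (and
 * cookies, depending on the request_order setting). Reading from $_POST would tie the values to
 * the form body that the gates in step 1 presumably check. Confirm before changing.
 *
 * @param string $savePagePath page passed to disableInDemoMode() and, after a successful
 *                             save, to showInterface()
 */
function admin_saveSettings($savePagePath) {
  global $SETTINGS, $APP;

  // error checking
  clearAlertsAndNotices(); // so previous alerts won't prevent saving of admin options

  // security checks
  security_dieUnlessPostForm();
  security_dieUnlessInternalReferer();
  security_dieOnInvalidCsrfToken();

  //
  disableInDemoMode('settings', $savePagePath);

  # license error checking
  if (array_key_exists('licenseProductId', $_REQUEST)) {
    if (!isValidProductId($_REQUEST['licenseProductId'])) {
      alert("Invalid Product License ID!");
    }
    else {
      if ($SETTINGS['licenseProductId'] != $_REQUEST['licenseProductId']) {
        $SETTINGS['licenseCompanyName'] = $_REQUEST['licenseCompanyName']; // update settings
        $SETTINGS['licenseDomainName']  = $_REQUEST['licenseDomainName'];  // ...
        $SETTINGS['licenseProductId']   = $_REQUEST['licenseProductId'];   // ...

        $isValid = register(); // validate productId (and save new settings)
        if (!$isValid) {
          redirectBrowserToURL('?menu=admin', true);
          exit;
        }
      }
    }
  }

  # program url / adminUrl
  if (array_key_exists('adminUrl', $_REQUEST)) {
    // Require the full scheme separator so the check matches its own error message.
    // The previous pattern /^http/i accepted any value that merely began with "http".
    if (!preg_match('/^https?:\/\//i', $_REQUEST['adminUrl'])) { alert("Program URL must start with http:// or https://<br/>\n"); }
    if (preg_match('/\\?/i', $_REQUEST['adminUrl']))           { alert("Program URL can not contain a ?<br/>\n"); }
  }

  # webPrefixUrl - v2.53
  if (@$_REQUEST['webPrefixUrl'] != '') {
    if (!preg_match("|^(\\w+:/)?/|", $_REQUEST['webPrefixUrl'])) { alert(t("Website Prefix URL must start with /") . "<br/>\n"); }
    if (preg_match("|/\$|", $_REQUEST['webPrefixUrl']))          { alert(t("Website Prefix URL cannot end with /") . "<br/>\n"); }
  }

  # upload url/dir
  # (the format checks below are disabled; only trailing slashes are stripped from uploadUrl)
  if (array_key_exists('uploadDir', $_REQUEST)) {
#    if (!preg_match('/\/$/', $_REQUEST['uploadDir'])) { alert("Upload Directory must end with a slash! (eg: /www/htdocs/uploads/)<br/>\n"); }
  }
  if (array_key_exists('uploadUrl', $_REQUEST)) {
#    if (preg_match('/^\w+:\/\//', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must be the web path only without a domain (eg: /uploads/)<br/>\n"); }
#    else if (!preg_match('/^\//', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must start with a slash! (eg: /uploads/)<br/>\n"); }
#    if (!preg_match('/\/$/', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must end with a slash! (eg: /uploads/)<br/>\n"); }
    $_REQUEST['uploadUrl'] = chop($_REQUEST['uploadUrl'], '\\\\/'); // remove trailing slashes
  }

  # admin email
  if (array_key_exists('adminEmail', $_REQUEST) && !isValidEmail($_REQUEST['adminEmail'])) {
    alert("Admin Email must be a valid email (example: user@example.com)<br/>\n");
  }

  // error checking - require HTTPS
  // the option may only be switched on from a session that is itself on HTTPS
  if (@$_REQUEST['requireHTTPS'] && !isHTTPS()) {
    alert("Require HTTPS: You must be logged in with a secure HTTPS url to set this option!<br/>\n");
  }

  // error checking - restrict by IP
  // the submitted allow-list is passed to isIpAllowed(); per the alert text it must include the
  // address this request comes from
  if (@$_REQUEST['restrictByIP'] && !isIpAllowed(true, @$_REQUEST['restrictByIP_allowed'])) {
    alert(t("Restrict IP Access: You current IP address must be in the allowed IP list!") . "<br/>\n");
  }

  // error checking - session values
  $sessionErrors = getCustomSessionErrors(@$_REQUEST['session_cookie_domain'], @$_REQUEST['session_save_path']);
  if ($sessionErrors) { alert($sessionErrors); }

  # show errors
  if (alert()) {
    showInterface('admin/general.php');
    exit;
  }

  // NOTE(review): the two loops below let a request field overwrite ANY existing key of the
  // same name, and store the value without type checks. An explicit allow-list of editable
  // keys would keep internal settings out of reach of this form.
  $subsections = array('advanced', 'wysiwyg');

  ### update global settings
  $globalSettings =& $SETTINGS;
  foreach (array_keys($globalSettings) as $key) {
    // Subsection arrays are updated key by key below. Letting a request field named
    // 'advanced' or 'wysiwyg' replace the whole array would corrupt the saved settings
    // and break the subsection loop.
    if (in_array($key, $subsections, true)) { continue; }
    if (array_key_exists($key, $_REQUEST)) { $globalSettings[$key] = $_REQUEST[$key]; }
  }

  # update subsection settings
  foreach ($subsections as $subsection) {
    // skip a missing or malformed subsection instead of creating it through the reference
    if (!isset($SETTINGS[$subsection]) || !is_array($SETTINGS[$subsection])) { continue; }

    $sectionSettings =& $SETTINGS[$subsection];
    foreach (array_keys($sectionSettings) as $key) {
      if (array_key_exists($key, $_REQUEST)) { $sectionSettings[$key] = $_REQUEST[$key]; }
    }
    unset($sectionSettings); // drop the reference before the next iteration
  }

  # save to file
  saveSettings();

  # return to admin home
  notice('Settings have been saved.');
  showInterface($savePagePath);
}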