<?php // TODO: call edit_area_compressor.php only from the combiner: combine.inc.php when constructing the edit_area.js file for the first time. ?>
<script type="text/javascript">
// Close-confirmation hook for the editor window: asks the user first when $cfg['verify_alert'] contains an 'X',
// otherwise the answer is hard-wired to true and the window is closed (or the browser sent to admin/index.php) right away.
function confirmation() {
    // NOTE(review): the language string and the URL are spliced into JS string literals without json_encode()/escaping;
    // this is only safe while the language table holds no quotes, backslashes or '</script>' — verify, or emit them via json_encode().
    var answer = <?php echo strpos($cfg['verify_alert'], 'X') !== false ? 'confirm("' . $ccms['lang']['editor']['confirmclose'] . '")' : 'true'; ?> ;
    if(answer) {
        return !close_mochaUI_window_or_goto_url("<?php echo makeAbsoluteURI($cfg['rootdir'] . 'admin/index.php'); ?> ", 'sys-tmp_ccms');
    }
    return false;
}
<?php
// Script list for this page; the second entry names two files in a single comma-separated string.
$js_files = array($cfg['rootdir'] . 'lib/includes/js/the_goto_guy.js', $cfg['rootdir'] . 'lib/includes/js/mootools-core.js,mootools-more.js');
// NOTE(review): both branches add the same file, so USE_JS_DEVELOPMENT_SOURCES has no effect here; the
// development branch presumably meant to point at an uncompressed edit_area source — confirm the intended path.
if ($cfg['USE_JS_DEVELOPMENT_SOURCES']) {
    $js_files[] = $cfg['rootdir'] . 'lib/includes/js/edit_area/edit_area_ccms.js';
} else {
    $js_files[] = $cfg['rootdir'] . 'lib/includes/js/edit_area/edit_area_ccms.js';
}
/*
$ownership[$pageID] = ''; } $ownership[$pageID] .= '||' . $userID; // add user; we'll trim leading '||' in phase 2 } // blow away the old ownership set for ALL PAGES: we need to do this as the form will only send us those owners who are ASSIGNED (not the ones we REMOVED) $values = array(); $values['user_ids'] = MySQL::SQLValue('', MySQL::SQLVALUE_TEXT); if (!$db->UpdateRow($cfg['db_prefix'] . 'pages', $values)) { throw new FbX($db->MyDyingMessage()); } // now update page ownership in the database (phase #2); order doesn't matter foreach ($ownership as $page_id => $users) { $users = ltrim($users, '|'); $values = array(); $values['user_ids'] = MySQL::SQLValue($users, MySQL::SQLVALUE_TEXT); if (!$db->UpdateRow($cfg['db_prefix'] . 'pages', $values, array('page_id' => MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER)))) { throw new FbX($db->MyDyingMessage()); } } header('Location: ' . makeAbsoluteURI('./content-owners.Manage.php?status=notice&msg=' . rawurlencode($ccms['lang']['backend']['success']))); exit; } else { throw new FbX($ccms['lang']['auth']['featnotallowed']); } } catch (CcmsAjaxFbException $e) { $e->croak(); } } // when we get here, an illegal command was fed to us! die_with_forged_failure_msg(__FILE__, __LINE__);
/**
 * Report this exception to an AJAX caller as a JSON envelope and terminate the script.
 *
 * Output shape: {"error": {feedback_url|hairball, [info], message, code, file, line}}.
 * `feedback_url` is built from the class-wide feedback URL plus the class-wide and per-instance
 * query fragments; when no feedback URL was configured a 'hairball' programmer-error note is sent instead.
 *
 * @param mixed $info_arr extra data to attach under 'info' (omitted when empty)
 * @return void never returns: exit() is called once the JSON has been echoed
 */
public function croak_json($info_arr)
{
    $payload = array();
    if (empty(self::$feedback_url)) {
        // if we get here, this exception class hasn't been set up according to requirements. Barf a hairball.
        $payload['hairball'] = __CLASS__ . ": feedback URL missing - a programmer error. INTERNAL ERROR. Happened when reporting the nested exception.";
    } else {
        // Each non-empty fragment is followed by '&', so the resulting URL may end in a dangling '&'.
        $query = '';
        foreach (array(self::$url_query_data, $this->extra_url_query_data) as $fragment) {
            $query .= $fragment . (empty($fragment) ? '' : '&');
        }
        $payload['feedback_url'] = makeAbsoluteURI(self::$feedback_url . '?' . $query);
    }
    if (!empty($info_arr)) {
        $payload['info'] = $info_arr;
    }
    // NOTE(review): file and line of the throw site are sent to the client; on a public-facing install this
    // discloses server-side paths — consider keeping them out of the response unless a debug flag is set.
    $payload['message'] = $this->getMessage();
    $payload['code'] = $this->getCode();
    $payload['file'] = $this->getFile();
    $payload['line'] = $this->getLine();
    echo json_encode(array('error' => $payload));
    exit;
}
// Permission-matrix save handler: only an authenticated, non-empty POST gets this far; anything else
// falls through to the forged-request handler at the bottom.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST) && checkAuth()) {
    FbX::SetFeedbackLocation("permissions.Manage.php");
    try {
        // (!) Only administrators (user level 4 and up) may change these values.
        if (!($_SESSION['ccms_userLevel'] >= 4)) {
            throw new FbX($ccms['lang']['auth']['featnotallowed']);
        }
        // Execute UPDATE
        $values = array(); // [i_a] make sure $values is an empty array to start with here
        foreach ($_POST as $key => $value) {
            $key = filterParam4IdOrNumber($key);
            $setting = filterParam4Number($value);
            // Reject unknown keys. A setting that filters down to 'empty' is only acceptable when the literal
            // string "0" was posted (empty("0") is true in PHP, so a plain empty() check would refuse it).
            if (empty($key) || (empty($setting) && $value !== "0")) {
                throw new FbX($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')');
            }
            // NOTE(review): the raw $value is stored, not the filtered $setting, so filterParam4Number() only
            // gates the write — whatever it would have normalised away still reaches set(). Confirm this is intended.
            $perm->set($key, $value);
        }
        if (!$perm->SavePermissions($db, $cfg['db_prefix'], false)) {
            throw new FbX($db->MyDyingMessage());
        }
        header('Location: ' . makeAbsoluteURI('permissions.Manage.php?status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved'])));
        exit;
    } catch (CcmsAjaxFbException $e) {
        $e->croak();
    }
}
// when we get here, an illegal command was fed to us!
die_with_forged_failure_msg(__FILE__, __LINE__);
if ($perm->is_level_okay('manageUsers', $_SESSION['ccms_userLevel'])) {
    // One or more user IDs must have been posted; an empty selection is reported back as an error.
    $total = isset($_POST['userID']) ? count($_POST['userID']) : 0;
    if ($total == 0) {
        throw new FbX($ccms['lang']['system']['error_selection']);
    }
    // Delete details from the database
    $i = 0;
    foreach ($_POST['userID'] as $user_num) {
        $user_num = filterParam4Number($user_num);
        $values = array(); // [i_a] make sure $values is an empty array to start with here
        $values['userID'] = MySQL::SQLValue($user_num, MySQL::SQLVALUE_NUMBER);
        // NOTE(review): $result is overwritten on every pass, so only the LAST DeleteRows() outcome survives;
        // an earlier row that failed to delete is still reported as a full success below. Track failures across
        // the loop (e.g. bail out or accumulate a flag) if partial deletions must surface.
        $result = $db->DeleteRows($cfg['db_prefix'] . 'users', $values);
        $i++;
    }
    // Check for errors
    // ($i == $total always holds after the loop above; the real signal is $result, see the note there.)
    if ($result && $i == $total) {
        header('Location: ' . makeAbsoluteURI('user-management.Manage.php?status=notice&msg=' . rawurlencode($ccms['lang']['backend']['fullremoved'])));
        exit;
    } else {
        throw new FbX($db->MyDyingMessage());
    }
} else {
    throw new FbX($ccms['lang']['auth']['featnotallowed']);
}
} catch (CcmsAjaxFbException $e) {
    $e->croak();
}
}
// when we get here, an illegal command was fed to us!
die_with_forged_failure_msg(__FILE__, __LINE__, "do_action={$do_action}, checkAuth=" . 1 * checkAuth());
}
die_and_goto_url(null, $logmsg);
}
// Unset all of the session variables.
$_SESSION = array();
// Destroy session
if (ini_get('session.use_cookies')) {
    $params = session_get_cookie_params();
    // NOTE(review): session_get_cookie_params() returns only lifetime/path/domain/secure/httponly (plus samesite
    // on newer PHP); it never carries a 'ccms_userID' key, so this condition is always false and the session
    // cookie is never expired in the browser on logout. `if (!empty($params))` is most likely what was meant — confirm.
    if (!empty($params['ccms_userID'])) {
        setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
    }
}
// Generate a new session_id
session_regenerate_id();
// Finally, destroy the session.
if (session_destroy()) {
    header('Location: ' . makeAbsoluteURI($loc));
    exit;
}
// Fallback when session_destroy() reported failure: still leave if no user is bound to the (already emptied) session.
if (empty($_SESSION['ccms_userID'])) {
    header('Location: ' . makeAbsoluteURI($loc));
    exit;
}
}
/* ----------------------------------------------------------------- Further setup/init work for the entire admin section of the site: ----------------------------------------------------------------- */
try { if (!empty($page_id)) { FbX::SetFeedbackLocation('comment.Manage.php', 'page_id=' . $page_id); // Only if current user has the rights if ($perm->is_level_okay('manageModComment', $_SESSION['ccms_userLevel'])) { $showMessage = getPOSTparam4Number('messages'); $showLocale = getPOSTparam4IdOrNumber('locale'); if (!empty($showMessage) && !empty($showLocale)) { $values = array(); // [i_a] make sure $values is an empty array to start with here $values['page_id'] = MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER); $values['showMessage'] = MySQL::SQLValue($showMessage, MySQL::SQLVALUE_NUMBER); $values['showLocale'] = MySQL::SQLValue($showLocale, MySQL::SQLVALUE_TEXT); // Insert or update configuration if ($db->AutoInsertUpdate($cfg['db_prefix'] . 'cfgcomment', $values, array('cfgID' => MySQL::BuildSQLValue($cfgID)))) { header('Location: ' . makeAbsoluteURI('comment.Manage.php?page_id=' . $page_id . '&status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved']))); exit; } else { throw new FbX($db->MyDyingMessage()); } } else { throw new FbX($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')'); } } else { throw new FbX($ccms['lang']['auth']['featnotallowed']); } } else { throw new FbX($ccms['lang']['auth']['featnotallowed']); } } catch (CcmsAjaxFbException $e) { $e->croak();
$fd = @fopen($sqldumpfile, 'w'); if (!$fd) { throw new FbX($ccms['lang']['system']['error_openfile'] . ": " . $sqldumpfile); } else { $out = fwrite($fd, $sqldump); if (!$out) { throw new FbX($ccms['lang']['system']['error_write'] . ": " . $sqldumpfile); } fclose($fd); } } // else: error has already been registered before, no sweat, mate! // and remove the progress info file: @unlink($progressfile); $msg = $ccms['lang']['backend']['newfilecreated'] . ', <a href="media/files/' . $backupName . '">' . strtolower($ccms['lang']['backup']['download']) . '</a>.'; echo json_encode(array('url' => makeAbsoluteURI('./backup-restore.Manage.php?status=notice&msg=' . rawurlencode($msg)))); exit; } catch (CcmsAjaxFbException $e) { if ($fd) { fclose($fd); } if (!empty($progressfile)) { @unlink($progressfile); } $e->croak_json(); } } /** * Report the progress on the current backup in JSON format. */ if ($do_action == 'report_backup_progress') {
case 'png': //imagepng($tmp_t, $thumbnail, 9); $t = $dest . '/_thumbs/' . basename($f, pathinfo($f, PATHINFO_EXTENSION)) . '.jpg'; // could be done as pathinfo($f, PATHINFO_FILENAME), but that's for PHP 5.2+ only! @unlink($t); imagejpeg($tmp_t, $thumbnail, THUMBNAIL_JPEG_QUALITY); break; case 'gif': imagegif($tmp_t, $thumbnail); break; default: break; } imagedestroy($tmp_t); imagedestroy($src); } } header('Location: ' . makeAbsoluteURI('lightbox.Manage.php?page_id=' . $page_id . '&album=' . $album_name . '&status=notice&msg=' . rawurlencode($ccms['lang']['backend']['fullregenerated']))); exit; } else { throw new FbX($ccms['lang']['auth']['featnotallowed']); } } else { throw new FbX($ccms['lang']['system']['error_forged']); } } catch (CcmsAjaxFbException $e) { $e->croak(); } } // when we get here, an illegal command was fed to us! die_with_forged_failure_msg(__FILE__, __LINE__);
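The real redirect-when-we're-not-the-top-page-itself magicking happens in the jump_if_not_top() function. jump_if_not_top2() is here to make sure we invoke it only when it is actually available. This means that EVERY admin page MUST load 'the_goto_guy.js', whether they use it themselves or not: the unlying code may decide the session is invalid and go through here, where availability is required for suitable action. */ ?>
// Invoke the real redirect helper only once the_goto_guy.js has defined it (the script is loaded right below).
function jump_if_not_top2() {
    if (typeof window.jump_if_not_top == 'function') {
        //alert('invoking jump_if_not_top');
        // $_SERVER['PHP_SELF'] can carry request-supplied PATH_INFO, so both values are emitted as JSON-encoded
        // JS strings instead of being spliced raw between quotes; json_encode() also escapes '/' so a
        // '</script>' sequence cannot terminate this block.
        window.jump_if_not_top(<?php echo json_encode($_SERVER['PHP_SELF']); ?>, <?php echo json_encode(makeAbsoluteURI($_SERVER['PHP_SELF'])); ?>);
    }
}
jump_if_not_top2();
</script>
<script type="text/javascript" src="<?php echo $cfg['rootdir']; ?>lib/includes/js/the_goto_guy.js?cb=jump_if_not_top2" charset="utf-8"></script>
</body>
</html>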
// $logmsg = 'INTERNAL ERROR!'; } else { // Set system wide session variables for the 'switched user', but keep track of the existing (admin) user so that we can 'switch back' properly later on! $_SESSION['ccms_isSwitchedUser'] = $_SESSION['ccms_userID'] . ':' . $_SESSION['ccms_userLevel'] . ':' . $_SESSION['ccms_userName']; $_SESSION['ccms_userID'] = $row['userID']; $_SESSION['ccms_userName'] = $row['userName']; $_SESSION['ccms_userFirst'] = $row['userFirst']; $_SESSION['ccms_userLast'] = $row['userLast']; $_SESSION['ccms_userLevel'] = $row['userLevel']; // [i_a] fix for session faking/hijack security issue: // Setting safety variables as well: used for checkAuth() during the session. SetAuthSafety(); unset($logmsg); // Return functions result header('Location: ' . makeAbsoluteURI($cfg['rootdir'] . 'admin/index.php')); exit; } die_and_goto_url(null, $logmsg); } /* * Clear the server-side caches: pages, browscap, combiner/log dumps, etc. */ if ($do_action == 'clearcaches' && $_SERVER['REQUEST_METHOD'] == 'GET' && checkAuth()) { function recrmdir4cc($dir, $clean_all, $level) { $count = 0; if (is_dir($dir)) { $objects = scandir($dir); foreach ($objects as $object) { if ($object != "." && $object != "..") {
}
}
}
// Start session
check_session_sidpatch_and_start();
// Load MySQL Class and initiate connection
/*MARKER*/ require_once BASE_PATH . '/lib/class/mysql.class.php';
// Load generic functions
/*MARKER*/ require_once BASE_PATH . '/lib/includes/common.inc.php';
// Check first whether installation directory exists
$cfg['install_dir_exists'] = is_dir(BASE_PATH . '/_install/') && is_file(BASE_PATH . '/_install/index.php');
// The installer lockout can be switched off by the development flag or by a marker file next to the installer.
// NOTE(review): while either override is active a still-present _install/ stays reachable through the site;
// confirm both are off in deployed configurations.
$cfg['install_dir_override'] = $cfg['IN_DEVELOPMENT_ENVIRONMENT'] || is_file(BASE_PATH . '/_install/install_check_override.txt');
if ($cfg['install_dir_exists'] && !$cfg['install_dir_override']) {
    header('Location: ' . makeAbsoluteURI('./_install/index.php'));
    exit;
}
/*
 * initiate database connection; do this AFTER checking for the _install directory, because
 * otherwise error reports from this init will have precedence over the _install-dir-exists
 * error report!
 */
$db = new MySQL();
// LANGUAGE ==
// multilingual support per page through language cfg override:
// The request may select the language; the helper's name suggests it narrows the value to id/number characters
// before it is used to locate language files further down — verify that in getGETparam4IdOrNumber().
$language = getGETparam4IdOrNumber('lang');
if (empty($language)) {
    $language = $cfg['language'];
}
// blow away $cfg['language'] to ensure the language file(s) are loaded this time - it's our first anyhow.
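/**
 * Abort the request with a "forged request" or "session expired" error.
 *
 * The message names the calling file (relative to BASE_PATH) and line so the admin can tell which handler
 * refused the request. When headers can still be sent the browser is redirected to auth.inc.php with the
 * message in the query string; in every case the script dies with the message as its final output.
 *
 * @param string      $filepath caller's __FILE__
 * @param int         $lineno   caller's __LINE__
 * @param string|null $extra    optional diagnostics; callers pass request-derived text such as the action name
 * @return void never returns: die() is always called
 */
function die_with_forged_failure_msg($filepath = __FILE__, $lineno = __LINE__, $extra = null) {
    global $ccms, $cfg;
    // Normalise separators on both sides so the BASE_PATH prefix is also found on Windows-style paths.
    $filepath = str_replace('\\', '/', $filepath);
    $base = str_replace('\\', '/', BASE_PATH);
    $pos = strpos($filepath, $base);
    if ($pos !== false) {
        $filepath = substr($filepath, $pos + strlen($base) + 1);
    }
    // An invalid/expired session gets a different headline than a genuinely forged request.
    if (empty($_SESSION['ccms_userID']) || empty($_SESSION['ccms_userName']) || !checkAuth()) {
        $headline = $ccms['lang']['system']['error_session_expired'];
    } else {
        $headline = $ccms['lang']['system']['error_forged'];
    }
    // $extra may carry request-derived text (e.g. "do_action=..."), and $msg is rendered as HTML by die() below,
    // so the location details are entity-encoded before being placed inside the <sub> element.
    $where = $filepath . ', ' . $lineno . (!empty($extra) ? ', ' . $extra : '');
    $msg = $headline . ' <sub>(' . htmlspecialchars($where, ENT_QUOTES, 'UTF-8') . ')</sub>';
    if (!headers_sent()) {
        header('Location: ' . makeAbsoluteURI($cfg['rootdir'] . 'lib/includes/auth.inc.php?status=error&msg=' . rawurlencode($msg)));
    }
    die($msg);
}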
try {
    // Only if current user has the rights
    if ($perm->is_level_okay('manageTemplate', $_SESSION['ccms_userLevel'])) {
        // NOTE(review): the template name comes straight from the request and is concatenated into a path under
        // lib/templates/; containment relies entirely on getGETparam4FullFilePath() rejecting '..' and absolute
        // segments — verify that helper before trusting this write path.
        $filenoext = getGETparam4FullFilePath('template');
        $filename = BASE_PATH . '/lib/templates/' . $filenoext;
        $content = getPOSTparam4RAWCONTENT('content'); // RAW CONTENT: the template may contain ANYTHING.
        if (is_writable_ex($filename)) {
            if (!($handle = fopen($filename, 'w'))) {
                throw new FbX($ccms['lang']['system']['error_openfile'] . ' (' . $filename . ').');
            }
            // Only an outright fwrite() failure is caught; a short write (fewer bytes than strlen($content))
            // returns a number and passes this check, leaving a truncated template behind.
            if (fwrite($handle, $content) === FALSE) {
                fclose($handle);
                throw new FbX($ccms['lang']['system']['error_write'] . ' (' . $filename . ').');
            }
            // Do on success
            fclose($handle);
            // Unlike the msg parameter, $filenoext is appended to the redirect URL without rawurlencode().
            header('Location: ' . makeAbsoluteURI('template-editor.Manage.php?status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved']) . '&template=' . $filenoext));
            exit;
        } else {
            throw new FbX($ccms['lang']['system']['error_chmod']);
        }
    } else {
        throw new FbX($ccms['lang']['auth']['featnotallowed']);
    }
} catch (CcmsAjaxFbException $e) {
    $e->croak();
}
}
// when we get here, an illegal command was fed to us!
die_with_forged_failure_msg(__FILE__, __LINE__, "do_action={$do_action}, checkAuth=" . 1 * checkAuth());