<?php
// [nyxIn/admin/galleries_customization.php]
// NOTE(review): the path above looks copied from another file; this script
// manages staff accounts - confirm the real file name.
//
// This file deals with the management of the staff. Staff accounts are
// created, renamed and deleted here.
//

// Anti-Exploit Check
// NOTE(review): this only proves that a cookie named nyxIn_Admin[id] was sent.
// Cookies are client-controlled, so the real gate is nyxInRequirePermissions()
// (defined elsewhere - confirm it validates the session server-side).
if (!isset($_COOKIE['nyxIn_Admin']['id'])) {
    die;
}

if (nyxInRequirePermissions(array('manage_staff')) == true) {
?>
<h2>Manage Staff</h2>
<?php
    // $nyxIn_Admin_Action, $nyxIn and $fail are not set in this excerpt;
    // presumably the including script provides them ($fail starting at 0) - verify.
    if ($nyxIn_Admin_Action == "create_staff") {
        // Each field must be present and non-empty, otherwise the request is flagged as failed.
        if (isset($_POST['staff_account_username']) && $_POST['staff_account_username'] != "") {
            $staff_account_username = $nyxIn['db']->real_escape_string($_POST['staff_account_username']);
        } else {
            $fail = 1;
        }

        if (isset($_POST['staff_account_password']) && $_POST['staff_account_password'] != "") {
            // NOTE(review): the password is SQL-escaped BEFORE it is hashed, so the stored
            // digest is of the escaped text. The sha1() output is hex and needs no escaping,
            // and a verifier that hashes the raw password (the reset script's re-check calls
            // sha1($_POST['password_check'])) will not match when the escaper rewrote a character.
            $staff_account_password = $nyxIn['db']->real_escape_string($_POST['staff_account_password']);
            // NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for password storage.
            // Moving to password_hash()/password_verify() requires changing the login and
            // re-check code in the same release, so it is flagged here rather than changed.
            $staff_account_password = sha1($staff_account_password);
        } else {
            $fail = 1;
        }

        if (isset($_POST['staff_account_class_id']) && $_POST['staff_account_class_id'] != "") {
            // The class id decides the new account's permissions; how it is validated against
            // existing classes is not visible in this excerpt.
            $staff_account_class_id = $nyxIn['db']->real_escape_string($_POST['staff_account_class_id']);
        } else {
            $fail = 1;
<?php
// [nyxIn/admin/gallery_organization.php]
//
// This file deals with organization and display of pictures in a gallery.
//

// Anti-Exploit Check
// NOTE(review): this only proves that a cookie named nyxIn_Admin[id] was sent.
// Cookies are client-controlled, so the real gate is nyxInRequirePermissions()
// (defined elsewhere - confirm it validates the session server-side).
if (!isset($_COOKIE['nyxIn_Admin']['id'])) {
    die;
}

if (nyxInRequirePermissions(array('gallery_organization'))) {
?>
<h2>Image Organization</h2>
<?php
    // 0 is the default when no gallery has been chosen by the request.
    $gallery_id = 0;

    // $nyxIn_Admin_Action and $fail are not set in this excerpt; presumably the
    // including script provides them ($fail starting at 0) - verify.
    if ($nyxIn_Admin_Action == "select_gallery") {
        if (isset($_POST['gallery_id']) && $_POST['gallery_id'] != "") {
            // NOTE(review): taken from the request as-is, with no escaping or integer cast.
            // Its later use is outside this excerpt; if it reaches SQL or HTML it must be
            // bound/escaped at that point - confirm.
            $gallery_id = $_POST['gallery_id'];
        } else {
            $fail = 1;
        }
    } else {
        if ($nyxIn_Admin_Action == "organize_gallery") {
            if (isset($_POST['gallery_id']) && $_POST['gallery_id'] != "") {
                // Same unvalidated request value as in the select_gallery branch.
                $gallery_id = $_POST['gallery_id'];
            } else {
                $fail = 1;
            }

            if (isset($_POST['organized_images']) && $_POST['organized_images'] != "") {
                // NOTE(review): raw request data; its expected shape (string or array) and
                // how it is consumed are not visible here - validate before use.
                $organized_images = $_POST['organized_images'];
            } else {
<?php
// [nyxIn/admin/reset.php]
//
// This file lets an Administrator reset the nyxIn Gallery with ease.
// It is best used after the Administrator has become familiar with
// nyxIn's UI and needs to reset the installation in order to prepare
// for an actual Gallery. This file has proven itself useful during the
// development of nyxIn.
//

// Anti-Exploit Check
// NOTE(review): this only proves that a cookie named nyxIn_Admin[id] was sent.
// Cookies are client-controlled, so the real gate is nyxInRequirePermissions()
// (defined elsewhere - confirm it validates the session server-side).
if (!isset($_COOKIE['nyxIn_Admin']['id'])) {
    die;
}

if (nyxInRequirePermissions(array('reset'))) {
?>
<h2>Reset</h2>
<?php
    // $nyxIn_Admin_Action, $nyxIn and $fail are not set in this excerpt;
    // presumably the including script provides them ($fail starting at 0) - verify.
    if ($nyxIn_Admin_Action == "reset_images") {
        // The destructive action below requires the password to be re-entered.
        if (isset($_POST['password_check']) && $_POST['password_check'] != "") {
            // The digest is hex, so interpolating $password_check cannot break out of the
            // quoted literal. NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for
            // password storage; changing it needs a coordinated change where accounts are created.
            $password_check = sha1($_POST['password_check']);
            // NOTE(review): the username expression in this query is mangled on this page (the
            // run of asterisks looks like a redaction artifact). The residue suggests a value
            // read from the nyxIn_Admin cookie was concatenated here - confirm against the
            // original file. If so, a client-controlled value reaches SQL unescaped and should
            // be bound as a parameter instead.
            // A failed query prints the database error text to the browser via die().
            $nyxQuery_SelectStaff = $nyxIn['db']->query("SELECT * FROM " . $nyxIn['db_prefix'] . "staff WHERE username='******'nyxIn_Admin']['username'] . "' AND password_hash='{$password_check}'") or die($nyxIn['db']->error);
            // Exactly one matching staff row means the re-check passed; anything else fails.
            if ($nyxQuery_SelectStaff->num_rows == 1) {
            } else {
                $fail = 1;
            }
        } else {
            $fail = 1;
        }

        if ($fail == 0) {
            // Removes every row of the images table. No anti-CSRF token is checked in the
            // visible code; the password re-check above is the only confirmation shown.
            $nyxIn['db']->query("TRUNCATE " . $nyxIn['db_prefix'] . "images") or die($nyxIn['db']->error);
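<?php
// [nyxIn/admin/moderate_images.php]
//
// This file allows staff members to moderate the uploaded images. Most
// of this file is powered by Javascript. This file is important if the
// preference [Moderated Image Only] is set to 1.
//

// Anti-Exploit Check
// NOTE(review): this only proves that a cookie named nyxIn_Admin[id] was sent.
// Cookies are client-controlled, so the real gate is nyxInRequirePermissions()
// (defined elsewhere - confirm it validates the session server-side).
if (!isset($_COOKIE['nyxIn_Admin']['id'])) {
    die;
}

if (nyxInRequirePermissions(array('moderate_images'))) {
?>
<h2>Moderate Images</h2>
<?php
    $gallery_id = 0;

    // $nyxIn_Admin_Action, $nyxIn and $fail are not set in this excerpt;
    // presumably the including script provides them ($fail starting at 0) - verify.
    if ($nyxIn_Admin_Action == "moderate") {
        // The form is expected to post moderate_image[<image id>] = <status>. Anything that
        // is not an array is rejected so the loop below never iterates a scalar.
        if (isset($_POST['moderate_image']) && $_POST['moderate_image'] != "" && is_array($_POST['moderate_image'])) {
            $moderate_images = $_POST['moderate_image'];
        } else {
            $fail = 1;
        }

        if ($fail == 0) {
            // The image id is an array key taken straight from the request. It is bound as a
            // parameter instead of being interpolated into the SQL text, so it cannot alter
            // the statement. Bound as a string to keep the original id='...' comparison.
            // The statement is not closed here because the end of the loop lies beyond this
            // excerpt; it is released when the script ends.
            $nyxStmt_ApproveImage = $nyxIn['db']->prepare("UPDATE " . $nyxIn['db_prefix'] . "images SET moderation_status='1' WHERE id=?") or die($nyxIn['db']->error);

            foreach ($moderate_images as $image_id => $moderate_status) {
                // Status 0 leaves the image untouched.
                if ($moderate_status == 0) {
                } else {
                    if ($moderate_status == 1) {
                        $nyxStmt_ApproveImage->bind_param('s', $image_id);
                        $nyxStmt_ApproveImage->execute() or die($nyxStmt_ApproveImage->error);
                    } else {
                        // NOTE(review): this branch continues beyond the excerpt. If it also
                        // places $image_id inside a query string, bind it the same way.
                        if ($moderate_status == 2) {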
<?php
// [nyxIn/admin/galleries_management.php]
//
// This file deals with the management of the Gallery as a whole, and
// not the individual galleries themselves. Galleries are created,
// renamed, moved and deleted here.
//

// Anti-Exploit Check
// NOTE(review): this only proves that a cookie named nyxIn_Admin[id] was sent.
// Cookies are client-controlled, so the real gate is nyxInRequirePermissions()
// (defined elsewhere - confirm it validates the session server-side).
if (!isset($_COOKIE['nyxIn_Admin']['id'])) {
    die;
}

if (nyxInRequirePermissions(array('galleries_management'))) {
?>
<h2>Galleries Management</h2>
<?php
    // $nyxIn_Admin_Action, $nyxIn and $fail are not set in this excerpt;
    // presumably the including script provides them ($fail starting at 0) - verify.
    if ($nyxIn_Admin_Action == "create_gallery") {
        // Both fields must be present and non-empty, otherwise the request is flagged as failed.
        if (isset($_POST['parent_id']) && $_POST['parent_id'] != "") {
            // Escaped for use inside a quoted SQL literal; it is not checked to be an
            // existing gallery id in the visible code.
            $parent_id = $nyxIn['db']->real_escape_string($_POST['parent_id']);
        } else {
            $fail = 1;
        }

        if (isset($_POST['galleries_name']) && $_POST['galleries_name'] != "") {
            // Escaping covers SQL only. NOTE(review): the name is stored as typed, so the code
            // that prints gallery names (not visible here) must HTML-escape it - confirm.
            $galleries_name = $nyxIn['db']->real_escape_string($_POST['galleries_name']);
        } else {
            $fail = 1;
        }

        if ($fail == 0) {
            // Both values sit inside quoted literals, which is what makes the escaping above
            // effective; a bound parameter would not depend on that.
            // A failed query prints the database error text to the browser via die().
            $nyxIn['db']->query("INSERT INTO " . $nyxIn['db_prefix'] . "galleries (parent_id, name, thumbnail) VALUES('{$parent_id}','{$galleries_name}', '')") or die($nyxIn['db']->error);
        }
    } else {
<?php
// [nyxIn/admin/galleries_customization.php]
//
// This file deals with the management of the Gallery as a whole, and
// not the individual galleries themselves. Galleries are created,
// renamed, moved and deleted here.
// NOTE(review): this description looks copied from the galleries management
// script; the code below selects and customizes a single gallery - confirm.
//

// Anti-Exploit Check
// NOTE(review): this only proves that a cookie named nyxIn_Admin[id] was sent.
// Cookies are client-controlled, so the real gate is nyxInRequirePermissions()
// (defined elsewhere - confirm it validates the session server-side).
if (!isset($_COOKIE['nyxIn_Admin']['id'])) {
    die;
}

if (nyxInRequirePermissions(array('gallery_customization'))) {
?>
<h2>Gallery Customization</h2>
<?php
    // 0 is the default when no gallery has been chosen by the request.
    $gallery_id = 0;

    // $nyxIn_Admin_Action and $fail are not set in this excerpt; presumably the
    // including script provides them ($fail starting at 0) - verify.
    if ($nyxIn_Admin_Action == "select_gallery") {
        if (isset($_POST['gallery_id']) && $_POST['gallery_id'] != "") {
            // NOTE(review): taken from the request as-is, with no escaping or integer cast.
            // Its later use is outside this excerpt; if it reaches SQL or HTML it must be
            // bound/escaped at that point - confirm.
            $gallery_id = $_POST['gallery_id'];
        } else {
            $fail = 1;
        }
    } else {
        if ($nyxIn_Admin_Action == "customize_gallery") {
            if (isset($_POST['gallery_id']) && $_POST['gallery_id'] != "") {
                // Same unvalidated request value as in the select_gallery branch.
                $gallery_id = $_POST['gallery_id'];
            } else {
                $fail = 1;
            }

            // The handling of gallery_name continues beyond this excerpt.
            if (isset($_POST['gallery_name']) && $_POST['gallery_name'] != "") {
<?php
// [nyxIn/admin/upload.php]
//
// This file deals with the forms for the uploading of images. The
// uploader used is the File Uploader by Andrew Valums. His Github can
// be found here: https://github.com/valums and the page for the file
// uploader can be found on https://github.com/valums/file-uploader.
//

// Anti-Exploit Check
// NOTE(review): this only proves that a cookie named nyxIn_Admin[id] was sent.
// Cookies are client-controlled, so the real gate is nyxInRequirePermissions()
// (defined elsewhere - confirm it validates the session server-side).
if(!isset($_COOKIE['nyxIn_Admin']['id'])) {
    die();
}

// NOTE(review): everything below is client-side. Files are posted to uploadHandler.php,
// which is not shown here; that handler has to repeat the permission check and validate
// gallery_id and the uploaded file itself, because nothing in this page can enforce it.
if(nyxInRequirePermissions(array('upload'))) {
?>
<h2>Upload Pictures</h2>
<script src="admin/upload_assets/fileuploader.js" type="text/javascript"></script>
<link href="admin/upload_assets/fileuploader.css" rel="stylesheet" type="text/css">
<div id="nyxIn_Admin_Content">
<script>
    // Creates one qq.FileUploader bound to the element with id 'nyxIn-upload_' + gallery_id.
    // gallery_id is appended to the handler URL without URL-encoding; where the value comes
    // from is not visible in this excerpt.
    // NOTE(review): debug is hard-coded to true; confirm it is meant to stay on in production.
    function createUploader(gallery_id, gallery_name, hasSubGroups){
        var uploader = new qq.FileUploader({
            nyxInID: gallery_id,
            nyxInHeading: gallery_name,
            nyxhasSubGroups: hasSubGroups,
            element: document.getElementById('nyxIn-upload_'+gallery_id),
            action: 'uploadHandler.php?gallery_id='+gallery_id,
            debug: true
        });
    }
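<?php
// [nyxIn/admin/preferences.php]
//
// This file deals with the main preferences of the Gallery. Preferably,
// only an Administrator should be allowed to access this file.
// Maintenance Mode, the Number of Columns and Moderated Image Only along
// with other incredibly important variables can be changed here.
//

// Anti-Exploit Check
// NOTE(review): this only proves that a cookie named nyxIn_Admin[id] was sent.
// Cookies are client-controlled, so the real gate is nyxInRequirePermissions()
// (defined elsewhere - confirm it validates the session server-side).
if (!isset($_COOKIE['nyxIn_Admin']['id'])) {
    die;
}

if (nyxInRequirePermissions(array('preferences'))) {
?>
<h2>Preferences</h2>
<?php
    // $nyxIn_Admin_Action, $nyxIn and $fail are not set in this excerpt;
    // presumably the including script provides them ($fail starting at 0) - verify.
    // No anti-CSRF token is checked in the visible code - confirm whether the
    // including script does so before this update runs.
    if ($nyxIn_Admin_Action == "update_preferences") {
        // The form is expected to post preferences[<id>] = <value>. Anything that is not an
        // array is rejected so the loop below never iterates a scalar.
        if (isset($_POST['preferences']) && is_array($_POST['preferences'])) {
            $preferences = $_POST['preferences'];
        } else {
            $fail = 1;
        }

        if ($fail == 0) {
            // Both the preference id (an array key) and its value come straight from the
            // request. They are bound as parameters instead of being interpolated into the
            // SQL text, so neither can alter the statement. Bound as strings to keep the
            // original value='...' / id='...' comparison semantics.
            // A failed prepare/execute still prints the database error text via die().
            $nyxStmt_UpdatePreference = $nyxIn['db']->prepare("UPDATE " . $nyxIn['db_prefix'] . "preferences SET value=? WHERE id=?") or die($nyxIn['db']->error);

            foreach ($preferences as $preference_id => $value) {
                // A nested array (preferences[1][]=x) has no meaningful string form; skip it.
                if (is_array($value)) {
                    continue;
                }

                $bound_value = (string) $value;
                $bound_id = (string) $preference_id;
                $nyxStmt_UpdatePreference->bind_param('ss', $bound_value, $bound_id);
                $nyxStmt_UpdatePreference->execute() or die($nyxStmt_UpdatePreference->error);
            }

            $nyxStmt_UpdatePreference->close();
        }
    }
?>
<div id="nyxIn_Admin_Content">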
<?php
// [nyxIn/admin/manage_staff_classes.php]
//
// This file deals with the management of the staff classes; mainly,
// permissions are set here.
//

// Anti-Exploit Check
// NOTE(review): this only proves that a cookie named nyxIn_Admin[id] was sent.
// Cookies are client-controlled, so the real gate is nyxInRequirePermissions()
// (defined elsewhere - confirm it validates the session server-side).
if(!isset($_COOKIE['nyxIn_Admin']['id'])) {
    die();
}

if(nyxInRequirePermissions(array('manage_staff_classes'))) {
?>
<h2>Manage Staff Classes</h2>
<?php
    // 0 is the default when no class has been chosen by the request.
    $class_id = 0;

    // $nyxIn_Admin_Action and $fail are not set in this excerpt; presumably the
    // including script provides them ($fail starting at 0) - verify.
    if($nyxIn_Admin_Action=="create_class") {
        if(isset($_POST['permission_count'])&&($_POST['permission_count']!="")) {
            // NOTE(review): raw request value. If it is used as a loop bound or in SQL further
            // down (not visible here), cast it to an integer and cap it first - confirm.
            $permission_count = $_POST['permission_count'];
        } else {
            $fail = 1;
        }

        if(isset($_POST['class_name'])&&($_POST['class_name']!="")) {
            // NOTE(review): raw request value with no escaping at this point. This script
            // defines who may do what, so the name must be bound or escaped wherever it reaches
            // SQL, and HTML-escaped wherever it is displayed - both are outside this excerpt.
            $class_name = $_POST['class_name'];
        } else {
            $fail = 1;
        }

        // The creation step itself continues beyond this excerpt.
        if($fail==0) {