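/**
 * Drop the MySQL table named by the global $tableNameWithPrefix, delete its schema
 * file under DATA_DIR/schema/, then redirect to the table list.
 *
 * Expects a POSTed form from this site with a valid CSRF token (the security_*
 * checks below die() otherwise).  Never returns: every path ends in die() or exit.
 */
function dropTable() {
  global $tableNameWithPrefix, $APP; // $APP is declared for consistency with sibling menu functions; unused here

  // security checks - a table drop is destructive, so require a POSTed form from this site with a valid CSRF token
  security_dieUnlessPostForm();
  security_dieUnlessInternalReferer();
  security_dieOnInvalidCsrfToken();
  //disableInDemoMode('', 'database/listTables.php');

  // drop MySQL table
  // NOTE(review): the table name is used as a backtick-quoted identifier; mysql_escape() escapes quote
  // characters but not backticks, so this relies on the caller having validated $tableNameWithPrefix - confirm.
  mysql_query("DROP TABLE `" . mysql_escape($tableNameWithPrefix) . "`") or die("Error dropping MySQL table:\n\n" . htmlencode(mysql_error()) . "\n");

  // delete schema file (guarded so a missing file doesn't make unlink() emit a warning)
  $tableNameWithoutPrefix = getTableNameWithoutPrefix($tableNameWithPrefix);
  $schemaFilepath         = DATA_DIR . "/schema/{$tableNameWithoutPrefix}.ini.php";
  if (is_file($schemaFilepath)) {
    unlink($schemaFilepath);
  }

  // list tables
  redirectBrowserToURL('?menu=database&action=listTables', true);
  exit;
}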
/**
 * Log the current user out: remove the login cookie, clear the in-memory user record,
 * drop the CMS session values tied to the old login, then redirect.
 *
 * @param string $redirectUrl  Where to send the browser afterwards; when empty the
 *                             current script ($_SERVER['SCRIPT_NAME']) is reloaded.
 * Never returns (calls exit after the redirect).
 */
function user_logoff($redirectUrl = '') {
  // forget the login cookie and the in-memory user record
  loginCookie_remove();
  $GLOBALS['CURRENT_USER'] = false;

  // clear saved CMS session data: last request (2.52) and CSRF token (v2.62).
  // The '_CRSFToken' key is the name the rest of the CMS uses - presumably written at login; keep its spelling.
  foreach (array('lastRequest', '_CRSFToken') as $sessionKey) {
    if (isset($_SESSION[$sessionKey])) {
      unset($_SESSION[$sessionKey]);
    }
  }

  // redirect/refresh page: caller's url, or reload the current script when none was given
  $target = $redirectUrl ? $redirectUrl : $_SERVER['SCRIPT_NAME'];
  redirectBrowserToURL($target);
  exit;
}
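/**
 * Drag-and-drop move of one category record.
 *
 * Reads sourceNum, targetNum and position ('child', 'above' or 'below') from $_REQUEST,
 * re-parents the source relative to the target, renumbers siblingOrder on the destination
 * branch, saves the changes, recomputes the global order metadata and redirects back to
 * the category list.
 *
 * Never returns: missing inputs die(), invalid inputs redirect to the list, and the
 * success path redirects as well.  Requires a POSTed form with a valid CSRF token.
 */
function categoryMoveDrag() {
  global $tableName, $escapedTableName, $isMyAccountMenu;

  if ($isMyAccountMenu) { die("Access not permitted for My Account menu!"); }
  if (!isset($_REQUEST['sourceNum'])) { die('sourceNum not set.'); }
  if (!isset($_REQUEST['targetNum'])) { die('targetNum not set.'); }
  if (!isset($_REQUEST['position']))  { die('position not set.'); }

  $sourceNum = $_REQUEST['sourceNum'];
  $targetNum = $_REQUEST['targetNum'];
  $position  = $_REQUEST['position'];

  // reject anything that isn't a usable move before touching the database:
  // non-numeric ids, an unknown position (would re-parent without placing the record),
  // or a record dropped onto itself (with position 'child' that would make it its own parent)
  $validPositions = array('child', 'above', 'below');
  if (!is_numeric($sourceNum) || !is_numeric($targetNum) || !in_array($position, $validPositions, true) || $sourceNum == $targetNum) {
    redirectBrowserToURL("?menu={$tableName}", true);
    exit;
  }

  security_dieUnlessPostForm();
  security_dieUnlessInternalReferer();
  security_dieOnInvalidCsrfToken();

  // load categoriesByNum: every row keyed by num, remembering the starting siblingOrder
  // ($escapedTableName is assumed to be already escaped by the caller, as its name suggests)
  $categoriesByNum = array();
  $query  = "SELECT * FROM `{$escapedTableName}` ORDER BY globalOrder";
  $result = mysql_query($query) or die("MySQL Error: " . mysql_error() . "\n");
  while ($row = mysql_fetch_assoc($result)) {
    $categoriesByNum[$row['num']] = $row;
    $categoriesByNum[$row['num']]['oldSiblingOrder'] = $row['siblingOrder'];
  }
  if (is_resource($result)) { mysql_free_result($result); }

  // both records must exist, otherwise the lookups below would silently work on empty values
  if (!isset($categoriesByNum[$sourceNum]) || !isset($categoriesByNum[$targetNum])) {
    redirectBrowserToURL("?menu={$tableName}", true);
    exit;
  }

  // update order: new parent is the target itself (child) or the target's parent (above/below)
  $parentNum = ($position == 'child') ? $targetNum : $categoriesByNum[$targetNum]['parentNum'];

  // Source cannot be made a child of its descendant (that would create a cycle).
  // Walk up from the target's parent; a dangling parentNum simply ends the walk.
  $currParentNum = $categoriesByNum[$targetNum]['parentNum'];
  while ($currParentNum) {
    if ($currParentNum == $sourceNum) {
      redirectBrowserToURL("?menu={$tableName}", true);
      exit;
    }
    $currParentNum = isset($categoriesByNum[$currParentNum]) ? $categoriesByNum[$currParentNum]['parentNum'] : 0;
  }

  $categoriesByNum[$sourceNum]['parentNum'] = $parentNum;

  // double-space siblingOrder on the destination branch so the source can slot in between entries
  foreach (array_keys($categoriesByNum) as $num) {
    if ($categoriesByNum[$num]['parentNum'] != $parentNum) { continue; } // only modify siblings on branch
    $categoriesByNum[$num]['siblingOrder'] = 2 + $categoriesByNum[$num]['siblingOrder'] * 2;
  }

  // place the source: first child, or just above / below the target's (now doubled) order
  if     ($position == 'child') { $categoriesByNum[$sourceNum]['siblingOrder'] = 1; }
  elseif ($position == 'above') { $categoriesByNum[$sourceNum]['siblingOrder'] = $categoriesByNum[$targetNum]['siblingOrder'] - 1; }
  elseif ($position == 'below') { $categoriesByNum[$sourceNum]['siblingOrder'] = $categoriesByNum[$targetNum]['siblingOrder'] + 1; }

  // save new sibling order (only rows whose order actually changed)
  foreach ($categoriesByNum as $num => $category) {
    if ($category['oldSiblingOrder'] == $category['siblingOrder']) { continue; } // skip if order didn't change
    $query  = "UPDATE `{$escapedTableName}` SET ";
    $query .= "`siblingOrder` = '" . mysql_escape($category['siblingOrder']) . "' ";
    $query .= "WHERE num = '" . mysql_escape($category['num']) . "'";
    mysql_query($query) or die("There was an error updating the category metadata:\n\n" . htmlencode(mysql_error()) . "\n");
  }

  // save new parent
  $query  = "UPDATE `{$escapedTableName}` SET ";
  $query .= "`parentNum` = '" . mysql_escape($parentNum) . "' ";
  $query .= "WHERE num = '" . mysql_escape($sourceNum) . "'";
  mysql_query($query) or die("There was an error updating the category metadata:\n\n" . htmlencode(mysql_error()) . "\n");

  // update global order, etc
  updateCategoryMetadataDrag();

  // refresh page
  redirectBrowserToURL("?menu={$tableName}", true);
  exit;
}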
/**
 * Work out which action the current request asks for.
 *
 * Submit buttons carry the action in their *name* (name="action=sampleList" value="List")
 * because the button value is the visible label; such a key is copied into
 * $_REQUEST['_action'] as a side effect.  Priority is then: an advanced action
 * (_advancedActionSubmit + _advancedAction; a value starting with '?' is a url and
 * triggers a redirect instead), _action, action, _defaultAction, then $defaultAction.
 *
 * @param string $defaultAction  Returned when the request names no action.
 * @return string  The action name ('' after an advanced-action redirect).
 */
function getRequestedAction($defaultAction = '') {
  # copy "action=xxx" / "_action=xxx" keys into $_REQUEST['_action']
  foreach (array_keys($_REQUEST) as $requestKey) {
    $isActionKey = (strpos($requestKey, 'action=') === 0) || (strpos($requestKey, '_action=') === 0);
    if (!$isActionKey) { continue; }
    $keyParts = explode("=", $requestKey, 2);
    $_REQUEST['_action'] = $keyParts[1];
  }

  # advanced commands can be urls or action values
  $hasAdvancedAction = !empty($_REQUEST['_advancedActionSubmit']) && !empty($_REQUEST['_advancedAction']);
  if ($hasAdvancedAction) {
    if (startsWith('?', $_REQUEST['_advancedAction'])) {
      redirectBrowserToURL($_REQUEST['_advancedAction']);
      return '';
    }
    return $_REQUEST['_advancedAction'];
  }

  # otherwise the first non-empty candidate wins, then the caller's default
  foreach (array('_action', 'action', '_defaultAction') as $candidateKey) {
    if (!empty($_REQUEST[$candidateKey])) {
      return $_REQUEST[$candidateKey];
    }
  }
  return $defaultAction;
}
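/**
 * First-run installer.  Returns immediately once the CMS is installed; otherwise
 * validates the install form ($_REQUEST), writes the settings, connects to MySQL,
 * creates the schema tables and either creates the admin account or restores a
 * backup, then saves the installed flag and redirects.  Any other path shows the
 * install form and exits.
 *
 * Globals written: $SETTINGS (license, mysql, cookiePrefix, ...), $TABLE_PREFIX.
 * Never returns after the isInstalled() check (every path ends in exit).
 */
function installIfNeeded() {
  global $SETTINGS, $APP, $TABLE_PREFIX;
  if (isInstalled()) { return; } // skip if already installed

  // rename default files
  renameOrRemoveDefaultFiles();

  // error checking
  if ($SETTINGS['uploadDir'] && !is_dir($SETTINGS['uploadDir'])) {
    print "Upload directory doesn't exist, please update 'uploadDir' in /data/" . SETTINGS_FILENAME . "<br/>\n";
    print "Current uploadDir value: " . htmlencode($SETTINGS['uploadDir']) . "<br/>\n";
    print "Suggested uploadDir value: uploads/ or ../uploads/<br/>\n";
    exit;
  }

  // error checking
  checkFilePermissions();

  // display license
  if (isset($_REQUEST['menu']) && $_REQUEST['menu'] == 'license') { showInterface('license.php'); }

  // save
  if (!empty($_REQUEST['save'])) {

    // error checking (empty() also covers unchecked checkboxes, which aren't submitted at all)
    if (empty($_REQUEST['licenseCompanyName'])) { alert("Please enter your 'Company Name'<br/>\n"); }
    if (empty($_REQUEST['licenseDomainName'])) { alert("Please enter your 'Domain Name'<br/>\n"); }
    if (empty($_REQUEST['licenseProductId'])) { alert("Please enter your 'Product Id'<br/>\n"); }
    elseif (!isValidProductId($_REQUEST['licenseProductId'])) { alert("Invalid Product Id!<br/>\n"); }
    if (empty($_REQUEST['agreeToOneInstall'])) { alert("Please check 'I agree not to use this 'Product Id' for multiple installs'<br/>\n"); }
    if (empty($_REQUEST['understandTermination'])) { alert("Please check 'I understand doing so may cause be to lose my right to use this software'<br/>\n"); }
    if (empty($_REQUEST['agreeToLicense'])) { alert("Please check 'I accept the terms of the License Agreement'<br/>\n"); }
    if (empty($_REQUEST['mysqlHostname'])) { alert("Please enter your 'MySQL Hostname'<br/>\n"); }
    if (empty($_REQUEST['mysqlDatabase'])) { alert("Please enter your 'MySQL Database'<br/>\n"); }
    if (empty($_REQUEST['mysqlUsername'])) { alert("Please enter your 'MySQL Username'<br/>\n"); }
    if (empty($_REQUEST['mysqlTablePrefix'])) { alert("Please enter your 'MySQL Table Prefix'<br/>\n"); }
    elseif (preg_match("/[A-Z]/", $_REQUEST['mysqlTablePrefix'])) { alert("Value for 'MySQL Table Prefix' must be lowercase.<br/>\n"); }
    elseif (!preg_match("/^[a-z]/i", $_REQUEST['mysqlTablePrefix'])) { alert("Value for 'MySQL Table Prefix' must start with a letter.<br/>\n"); }
    elseif (!preg_match("/_\$/", $_REQUEST['mysqlTablePrefix'])) { alert("Value for 'MySQL Table Prefix' must end in underscore.<br/>\n"); }

    // New Installation
    if (empty($_REQUEST['restoreFromBackup'])) {
      if (empty($_REQUEST['adminFullname'])) { alert("Please enter 'Admin Full Name'<br/>\n"); }
      if (empty($_REQUEST['adminEmail'])) { alert("Please enter 'Admin Email'<br/>\n"); }
      elseif (!isValidEmail($_REQUEST['adminEmail'])) { alert("Please enter a valid email for 'Admin Email' (Example: user@example.com)<br/>\n"); }
      if (empty($_REQUEST['adminUsername'])) { alert("Please enter 'Admin Username'<br/>\n"); }
      $passwordErrors = getNewPasswordErrors($_REQUEST['adminPassword1'], $_REQUEST['adminPassword2'], $_REQUEST['adminUsername']); // v2.52
      if ($passwordErrors) { alert(nl2br(htmlencode($passwordErrors))); }
    }

    // Restore from Backup
    if (!empty($_REQUEST['restoreFromBackup'])) {
      if (empty($_REQUEST['restore'])) { alert("Please select a backup file to restore<br/>\n"); }
    }

    // Advanced - v2.53
    if (empty($_REQUEST['useCustomSettingsFile'])) {
      if (is_file(SETTINGS_DEV_FILEPATH)) { alert(t("You must select 'Use Custom Settings File' since a custom settings file for this domain already exists!") . "<br/>\n"); }
      elseif (isDevServer()) { alert("This is a development server, you must select 'Use Custom Settings File'." . "<br/>\n"); }
    }
    if (isset($_REQUEST['webPrefixUrl']) && $_REQUEST['webPrefixUrl'] != '') {
      if (!preg_match("|^(\\w+:/)?/|", $_REQUEST['webPrefixUrl'])) { alert(t("Website Prefix URL must start with /") . "<br/>\n"); }
      if (preg_match("|/\$|", $_REQUEST['webPrefixUrl'])) { alert(t("Website Prefix URL cannot end with /") . "<br/>\n"); }
    }

    // update settings (not saved unless there are no errors)
    // cookiePrefix is only a cookie-name prefix, not a secret, so a non-cryptographic source is acceptable here
    $SETTINGS['cookiePrefix']         = substr(md5(mt_rand()), 0, 5) . '_'; //v2.51 shortened prefix so it's easy to see full cookie names in browser cookie list
    $SETTINGS['adminEmail']           = @$SETTINGS['adminEmail'] ? $SETTINGS['adminEmail'] : $_REQUEST['adminEmail'];
    $SETTINGS['licenseCompanyName']   = $_REQUEST['licenseCompanyName'];
    $SETTINGS['licenseDomainName']    = $_REQUEST['licenseDomainName'];
    $SETTINGS['licenseProductId']     = $_REQUEST['licenseProductId'];
    $SETTINGS['webRootDir']           = @$SETTINGS['webRootDir'] ? $SETTINGS['webRootDir'] : @$_SERVER['DOCUMENT_ROOT'];
    $SETTINGS['mysql']['hostname']    = $_REQUEST['mysqlHostname'];
    $SETTINGS['mysql']['database']    = $_REQUEST['mysqlDatabase'];
    $SETTINGS['mysql']['username']    = $_REQUEST['mysqlUsername'];
    $SETTINGS['mysql']['password']    = $_REQUEST['mysqlPassword'];
    $SETTINGS['mysql']['tablePrefix'] = $_REQUEST['mysqlTablePrefix'];
    $TABLE_PREFIX                     = $_REQUEST['mysqlTablePrefix']; // update TABLE_PREFIX global as well.
    $SETTINGS['webPrefixUrl']         = $_REQUEST['webPrefixUrl'];

    // display errors
    if (alert()) { require "lib/menus/install.php"; exit; }

    // connect to mysql
    $errors = connectToMySQL('returnErrors');
    if ($errors) { alert($errors); require "lib/menus/install.php"; exit; }
    else { connectToMySQL(); }

    // create schema tables
    createMissingSchemaTablesAndFields();
    clearAlertsAndNotices(); // don't show "created table/field" alerts

    // New Installation: check if admin user already exists
    if (empty($_REQUEST['restoreFromBackup'])) {
      $passwordHash        = getPasswordDigest($_REQUEST['adminPassword1']);
      $identicalUserExists = mysql_count('accounts', array('username' => $_REQUEST['adminUsername'], 'password' => $passwordHash, 'isAdmin' => '1'));
      if (!$identicalUserExists) { // if they don't exist, check if a user with the same username exists and show an error if they do
        $count = mysql_count('accounts', array('username' => $_REQUEST['adminUsername']));
        if ($count > 0) { alert("Admin username already exists, please choose another.<br/>\n"); }
      }

      // create admin user
      if (!$identicalUserExists && !alert()) {
        mysqlStrictMode(false); // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later)
        // NOTE(review): the username/password fragments of this INSERT appear redacted ('******') in this
        // copy of the source; restore them from the original file before use.
        mysql_query("INSERT INTO `{$TABLE_PREFIX}accounts` SET\n createdDate = NOW(),\n createdByUserNum = '0',\n updatedDate = NOW(),\n updatedByUserNum = '0',\n fullname = '" . mysql_escape($_REQUEST['adminFullname']) . "', email = '" . mysql_escape($_REQUEST['adminEmail']) . "',\n username = '******'adminUsername']) . "', password = '******',\n disabled = '0',\n isAdmin = '1',\n expiresDate = '0000-00-00 00:00:00',\n neverExpires = '1'") or alert("MySQL Error Creating Admin User:<br/>\n" . htmlencode(mysql_error()) . "\n");

        // create accesslist entry
        mysql_query("INSERT INTO `{$TABLE_PREFIX}_accesslist` (userNum, tableName, accessLevel, maxRecords, randomSaveId)\n VALUES (LAST_INSERT_ID(), 'all', '9', NULL, '1234567890')") or alert("MySQL Error Creating Admin Access List:<br/>\n" . htmlencode(mysql_error()) . "\n");
      }
    }

    // Restore from Backup: Restore backup file
    if (!empty($_REQUEST['restoreFromBackup'])) {
      $userCount = mysql_count('accounts');
      if ($userCount) {
        $userTable     = $TABLE_PREFIX . 'accounts';
        $errorMessage  = sprintf("Can't restore from backup because it would overwrite the %s existing user accounts in the specified database location.<br/>\n", $userCount);
        $errorMessage .= sprintf("Try changing the MySQL Database or Table Prefix to restore to a different location, or remove existing users from '%s'.<br/>\n", $userTable);
        alert($errorMessage);
      }
      else { // restore database
        // the request value is only ever a file name inside data/backups: strip any directory part so a
        // crafted value can't point restoreDatabase() outside that folder
        $filename = basename((string) @$_REQUEST['restore']);
        mysqlStrictMode(false); // disable Mysql strict errors
        restoreDatabase(DATA_DIR . '/backups/' . $filename);
        notice("Restored backup file /data/backups/{$filename}");
        makeAllUploadRecordsRelative();
      }
    }

    // save settings
    if (!alert()) {
      saveSettings(@$_REQUEST['useCustomSettingsFile']);
      isInstalled(true); // save installed status
      redirectBrowserToURL('?menu=home', true); // refresh page
      exit; // was the typo `exitl;` (an undefined constant) in the original
    }
  }

  // set defaults (HTTP_HOST is client-supplied; it is only used to prefill the form field here)
  if (!array_key_exists('licenseDomainName', $_REQUEST)) { $_REQUEST['licenseDomainName'] = $_SERVER['HTTP_HOST']; }
  if (!array_key_exists('mysqlHostname', $_REQUEST))     { $_REQUEST['mysqlHostname']     = $SETTINGS['mysql']['hostname']; }
  if (!array_key_exists('mysqlDatabase', $_REQUEST))     { $_REQUEST['mysqlDatabase']     = $SETTINGS['mysql']['database']; }
  if (!array_key_exists('mysqlUsername', $_REQUEST))     { $_REQUEST['mysqlUsername']     = $SETTINGS['mysql']['username']; }
  if (!array_key_exists('mysqlTablePrefix', $_REQUEST))  { $_REQUEST['mysqlTablePrefix']  = $SETTINGS['mysql']['tablePrefix']; }

  // show form
  require "lib/menus/install.php";
  exit;
}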
} elseif ($action == 'uploadModify') { include 'lib/menus/default/uploadModify.php'; } elseif ($action == 'uploadErase') { eraseUpload(); } elseif ($action == 'wysiwygUploads') { include 'lib/menus/default/wysiwygUploads.php'; } elseif ($action == 'ajaxGetUsersAsPulldown') { ajaxGetUsersAsPulldown(); } elseif ($action == 'ajaxUpdateListFieldOptions') { ajaxUpdateListFieldOptions(); } elseif ($action == 'categoryMove') { categoryMove(); } elseif ($action == 'editSection') { redirectBrowserToURL('?menu=database&action=editTable&tableName=' . urlencode($tableName), true); } elseif ($action == 'codeGenerator') { redirectBrowserToURL('?menu=_codeGenerator&tableName=' . urlencode($tableName), true); } else { doAction('section_unknownAction', $tableName, $action); alert("Unknown action '" . htmlencode($action) . "'"); showInterface(''); exit; } // function ajaxUpdateListFieldOptions() { global $schema; $fieldname = @$_REQUEST['fieldname']; $fieldSchema = @$schema[$fieldname]; // error checking if (!$fieldname) { die("No fieldname specified!\n");
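// check access level - admin only!
if (!$GLOBALS['CURRENT_USER']['isAdmin']) {
  alert(t("You don't have permissions to access this menu."));
  showInterface('');
  exit; // don't rely on showInterface() ending the request: nothing below may run for a non-admin
}

// menu plugin hooks
addAction('section_preDispatch',     '_pel_showModeNotice',        null, 2);
addFilter('listHeader_displayLabel', '_pel_cmsList_messageColumn', null, 3);
addFilter('listRow_displayValue',    '_pel_cmsList_messageColumn', null, 4);

// Prefix Menu with "Admin"
$GLOBALS['schema']['menuName'] = "Admin > " . $GLOBALS['schema']['menuName'];

// Dispatch Actions
// NOTE(review): clearLog is reached through a plain GET link (see _pel_showModeNotice) with none of the
// security_* POST/CSRF checks used by form actions elsewhere; a POST form carrying the CSRF token would
// be the consistent protection - confirm how the CMS expects plugin menus to do this.
if ($GLOBALS['action'] == 'clearLog') { // clear error log
  mysql_delete($GLOBALS['schema']['_tableName'], null, 'true');
  redirectBrowserToURL("?menu=" . $GLOBALS['schema']['_tableName']); // presumably exits; the DONT_EXIT flag below is not yet set
}

// Let regular actionHandler run
$REDIRECT_FOR_CUSTOM_MENUS_DONT_EXIT = true;
return;

/**
 * section_preDispatch hook: on the list view, show a notice explaining the error log
 * with a "Clear Log" link back to this menu.
 *
 * @param string $tableName  Menu/table name used to build the clearLog link.
 * @param string $action     Current action; anything other than 'list' is ignored.
 */
function _pel_showModeNotice($tableName, $action) {
  if ($action != 'list') { return; }
  // $tableName comes from the CMS schema, not from the request, so it is inserted into the link as-is
  $notice = t("Any PHP errors or warnings from the website or CMS will be logged here.");
  $notice = t("Error Log") . ": " . $notice . " (<a href='?menu={$tableName}&action=clearLog'>" . t("Clear Log") . "</a>)";
  notice($notice);
}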
/**
 * Validate and save the admin "general settings" form.
 *
 * Requires a POSTed form from this site with a valid CSRF token.  Validates the
 * license, program url, website prefix url, upload url, admin email, HTTPS and
 * IP-restriction options and session settings; on any error the form is re-shown
 * and the function exits.  Otherwise every top-level $SETTINGS key (and every key
 * of the 'advanced' and 'wysiwyg' subsections) that also appears in $_REQUEST is
 * overwritten from the request, the settings file is written and $savePagePath is shown.
 *
 * @param string $savePagePath  Interface page to show after a successful save.
 */
function admin_saveSettings($savePagePath) {
  global $SETTINGS, $APP;

  // error checking
  clearAlertsAndNotices(); // so previous alerts won't prevent saving of admin options

  // security checks
  security_dieUnlessPostForm();
  security_dieUnlessInternalReferer();
  security_dieOnInvalidCsrfToken();
  // disableInDemoMode('settings', $savePagePath);

  # license error checking
  # NOTE(review): a changed product id is stored and register() called (which saves settings) before the
  # other fields below are validated - confirm that is intended.
  if (array_key_exists('licenseProductId', $_REQUEST)) {
    if (!isValidProductId($_REQUEST['licenseProductId'])) { alert("Invalid Product License ID!"); }
    else {
      if ($SETTINGS['licenseProductId'] != $_REQUEST['licenseProductId']) {
        $SETTINGS['licenseCompanyName'] = $_REQUEST['licenseCompanyName']; // update settings
        $SETTINGS['licenseDomainName'] = $_REQUEST['licenseDomainName']; // ...
        $SETTINGS['licenseProductId'] = $_REQUEST['licenseProductId']; // ...
        $isValid = register(); // validate productId (and save new settings)
        if (!$isValid) { redirectBrowserToURL('?menu=admin', true); exit; }
      }
    }
  }

  # program url / adminUrl
  if (array_key_exists('adminUrl', $_REQUEST)) {
    if (!preg_match('/^http/i', $_REQUEST['adminUrl'])) { alert("Program URL must start with http:// or https://<br/>\n"); }
    if (preg_match('/\\?/i', $_REQUEST['adminUrl'])) { alert("Program URL can not contain a ?<br/>\n"); }
  }

  # webPrefixUrl - v2.53
  if (@$_REQUEST['webPrefixUrl'] != '') {
    if (!preg_match("|^(\\w+:/)?/|", $_REQUEST['webPrefixUrl'])) { alert(t("Website Prefix URL must start with /") . "<br/>\n"); }
    if (preg_match("|/\$|", $_REQUEST['webPrefixUrl'])) { alert(t("Website Prefix URL cannot end with /") . "<br/>\n"); }
  }

  # upload url/dir (the slash checks are disabled; trailing slashes on uploadUrl are stripped instead)
  if (array_key_exists('uploadDir', $_REQUEST)) {
    # if (!preg_match('/\/$/', $_REQUEST['uploadDir'])) { alert("Upload Directory must end with a slash! (eg: /www/htdocs/uploads/)<br/>\n"); }
  }
  if (array_key_exists('uploadUrl', $_REQUEST)) {
    # if (preg_match('/^\w+:\/\//', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must be the web path only without a domain (eg: /uploads/)<br/>\n"); }
    # else if (!preg_match('/^\//', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must start with a slash! (eg: /uploads/)<br/>\n"); }
    # if (!preg_match('/\/$/', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must end with a slash! (eg: /uploads/)<br/>\n"); }
    $_REQUEST['uploadUrl'] = chop($_REQUEST['uploadUrl'], '\\\\/'); // remove trailing slashes (backslash or slash)
  }

  # admin email
  if (array_key_exists('adminEmail', $_REQUEST) && !isValidEmail($_REQUEST['adminEmail'])) { alert("Admin Email must be a valid email (example: user@example.com)<br/>\n"); }

  // error checking - require HTTPS (can only be turned on from an HTTPS session, so the admin can't lock themselves out)
  if (@$_REQUEST['requireHTTPS'] && !isHTTPS()) { alert("Require HTTPS: You must be logged in with a secure HTTPS url to set this option!<br/>\n"); }

  // error checking - restrict by IP (the current address must be in the new allow list, same lock-out protection)
  if (@$_REQUEST['restrictByIP'] && !isIpAllowed(true, @$_REQUEST['restrictByIP_allowed'])) { alert(t("Restrict IP Access: You current IP address must be in the allowed IP list!") . "<br/>\n"); }

  // error checking - session values
  $sessionErrors = getCustomSessionErrors(@$_REQUEST['session_cookie_domain'], @$_REQUEST['session_save_path']);
  if ($sessionErrors) { alert($sessionErrors); }

  # show errors
  if (alert()) { showInterface('admin/general.php'); exit; }

  ### update global settings
  # NOTE(review): this is mass assignment - any existing top-level settings key present in the request
  # (read from $_REQUEST, so query-string values count too) is overwritten, not just the fields the form
  # shows and validates above. An allow-list of form fields would be the safer shape; confirm which keys
  # $SETTINGS can hold before changing it.
  $globalSettings =& $SETTINGS;
  foreach (array_keys($globalSettings) as $key) {
    if (array_key_exists($key, $_REQUEST)) { $globalSettings[$key] = $_REQUEST[$key]; }
  }

  # update subsection settings (same request-driven overwrite, per subsection)
  $subsections = array('advanced', 'wysiwyg');
  foreach ($subsections as $subsection) {
    $sectionSettings =& $SETTINGS[$subsection];
    foreach (array_keys($sectionSettings) as $key) {
      if (array_key_exists($key, $_REQUEST)) { $sectionSettings[$key] = $_REQUEST[$key]; }
    }
  }

  # save to file
  saveSettings();

  # return to admin home
  notice('Settings have been saved.');
  showInterface($savePagePath);
}