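/**
 * Save the "info" text fields (info1..info5) posted for one or more uploads.
 *
 * Expects $_REQUEST['uploadNums'] (array of upload ids) and, for each id,
 * "{id}_info1" .. "{id}_info5". Each row is matched on its own `num` AND on
 * its owner: `recordNum` = $_REQUEST['num'] for a saved record, otherwise
 * `preSaveTempId` = $_REQUEST['preSaveTempId'] for a record not yet saved.
 *
 * POST-only; internal referer and CSRF token are checked before any write.
 * Never returns: on success it emits the JS that reloads the upload list and
 * closes the thickbox, then exits; on error it die()s with a plain-text message.
 *
 * Globals: $TABLE_PREFIX (read).
 */
function saveUploadDetails() {
    global $TABLE_PREFIX;

    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();

    // isset() instead of @-suppression so absent keys don't raise notices
    // (a notice in the iframe response would be emitted in front of the script below).
    $uploadNums    = isset($_REQUEST['uploadNums'])    ? $_REQUEST['uploadNums']    : null;
    $recordNum     = isset($_REQUEST['num'])           ? $_REQUEST['num']           : '';
    $preSaveTempId = isset($_REQUEST['preSaveTempId']) ? $_REQUEST['preSaveTempId'] : '';

    // update uploads
    if (is_array($uploadNums) && $uploadNums) {
        // Validate every id before writing anything so a bad id in the middle
        // of the list can't leave the batch half-saved.
        foreach ($uploadNums as $uploadNum) {
            if (!$uploadNum) { die(__FUNCTION__ . ": No upload num specified!"); }
        }

        // Owner clause: saved records are addressed by num, unsaved ones by preSaveTempId.
        if ($recordNum) {
            $ownerWhere = "recordNum = '" . mysql_escape($recordNum) . "'";
        } elseif ($preSaveTempId) {
            $ownerWhere = "preSaveTempId = '" . mysql_escape($preSaveTempId) . "'";
        } else {
            die("No value specified for 'num' or 'preSaveTempId'!");
        }

        foreach ($uploadNums as $uploadNum) {
            $setClauses = array();
            for ($i = 1; $i <= 5; $i++) {
                $key   = "{$uploadNum}_info{$i}";
                $value = isset($_REQUEST[$key]) ? $_REQUEST[$key] : '';
                $setClauses[] = " info{$i} = '" . mysql_escape($value) . "'";
            }
            $query  = "UPDATE `{$TABLE_PREFIX}uploads`\n";
            $query .= " SET" . implode(",\n", $setClauses) . "\n";
            $query .= " WHERE num = '" . mysql_escape($uploadNum) . "' AND " . $ownerWhere;
            mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
        }
    }

    // reload uploadlist in the parent window. fieldName is interpolated into inline JS, so it is
    // reduced to the characters a field name may contain (a-z, A-Z, 0-9, - and _) before being echoed.
    $fieldName = isset($_REQUEST['fieldName']) ? $_REQUEST['fieldName'] : '';
    $fieldName = preg_replace('/[^a-zA-Z0-9_\-]/', '', $fieldName);
    print "<script type='text/javascript'>self.parent.reloadIframe('{$fieldName}_iframe')</script>";
    print "<script type='text/javascript'>self.parent.tb_remove();</script>\n"; // close thickbox
    exit;
}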
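/**
 * Password-reset landing page: verifies the reset link and, on form submit,
 * stores the new password and sends the user to the login screen.
 *
 * Requires $_REQUEST['userNum'] and $_REQUEST['resetCode']; the pair is
 * validated with _isValidPasswordResetCode() before the account is loaded.
 * On submit the request must be a POST with a valid CSRF token; the new
 * password is checked with getNewPasswordErrors() and stored as a digest.
 *
 * Never returns: every path ends in die() or showInterface() + exit.
 *
 * Globals: $CURRENT_USER, $SETTINGS (declared, not used here), $user (set to
 * the loaded account row), $GLOBALS['sentEmail'] (reset to false).
 */
function resetPassword() {
    global $CURRENT_USER, $SETTINGS;
    $GLOBALS['sentEmail'] = false;

    // error checking
    $userNum   = isset($_REQUEST['userNum'])   ? $_REQUEST['userNum']   : '';
    $resetCode = isset($_REQUEST['resetCode']) ? $_REQUEST['resetCode'] : '';
    if (!$userNum)   { die("No 'userNum' value specified!"); }
    if (!$resetCode) { die("No 'resetCode' value specified!"); }
    if (!_isValidPasswordResetCode($userNum, $resetCode)) {
        alert(t("Password reset code has expired or is not valid. Try resetting your password again."));
        showInterface('forgotPassword.php', false);
        exit; // must stop here: without it an invalid/expired code still reached the password update below
    }

    // load user
    global $user;
    $user = mysql_get(accountsTable(), (int) $userNum);

    // form submitted: validate and store the new password
    if (isset($_REQUEST['submitForm']) && $_REQUEST['submitForm']) {
        security_dieUnlessPostForm();
        security_dieOnInvalidCsrfToken();
        disableInDemoMode('', 'resetPassword.php');

        // error checking
        $password      = isset($_REQUEST['password'])       ? $_REQUEST['password']       : '';
        $passwordAgain = isset($_REQUEST['password:again']) ? $_REQUEST['password:again'] : '';
        $textErrors = getNewPasswordErrors($password, $passwordAgain, $user['username']); // v2.52
        if ($textErrors) {
            alert(nl2br(htmlencode($textErrors)));
            showInterface('resetPassword.php');
            exit;
        }

        // update password
        $newPassword = getPasswordDigest($password);
        mysql_update(accountsTable(), $user['num'], null, array('password' => $newPassword));

        // show login
        alert(t('Password updated!'));
        $_REQUEST = array(); // clear submitted fields so the login form starts empty
        showInterface('login.php', false);
        exit;
    }

    showInterface('resetPassword.php');
    exit;
}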
/**
 * Re-parents / re-orders a category after a drag-and-drop move in the admin UI.
 *
 * Request params: sourceNum (category being moved), targetNum (drop target),
 * position ('child' = first child of target, 'above' / 'below' = sibling of
 * target). Non-numeric ids, or a move that would make the source a child of
 * its own descendant, redirect back to the menu instead of erroring.
 *
 * Side effects: rewrites `siblingOrder` for every sibling on the destination
 * branch and `parentNum` for the source, then calls updateCategoryMetadataDrag()
 * and redirects. Never returns (exit / die on every path).
 *
 * Globals: $tableName, $escapedTableName, $isMyAccountMenu (read).
 */
function categoryMoveDrag() {
    global $tableName, $escapedTableName, $isMyAccountMenu;
    if ($isMyAccountMenu) { die("Access not permitted for My Account menu!"); }
    if (!isset($_REQUEST['sourceNum'])) { die('sourceNum not set.'); }
    if (!isset($_REQUEST['targetNum'])) { die('targetNum not set.'); }
    if (!isset($_REQUEST['position'])) { die('position not set.'); }
    $sourceNum = $_REQUEST['sourceNum'];
    $targetNum = $_REQUEST['targetNum'];
    $position = $_REQUEST['position'];
    // Ids are only required to be numeric here; $position is not validated against
    // child/above/below, so an unknown value leaves the source's siblingOrder unchanged (see below).
    if (!is_numeric($sourceNum) || !is_numeric($targetNum)) {
        redirectBrowserToURL("?menu={$tableName}", true);
        exit;
    }
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();

    // load categoriesByNum - whole table keyed by num, with the original siblingOrder kept
    // in 'oldSiblingOrder' so only rows whose order actually changed are written back.
    $categoriesByNum = array();
    $query = "SELECT * FROM `{$escapedTableName}` ORDER BY globalOrder";
    $result = mysql_query($query) or die("MySQL Error: " . mysql_error() . "\n");
    while ($row = mysql_fetch_assoc($result)) {
        $categoriesByNum[$row['num']] = $row;
        $categoriesByNum[$row['num']]['oldSiblingOrder'] = $row['siblingOrder'];
    }
    if (is_resource($result)) { mysql_free_result($result); }

    // update order
    // NOTE(review): $categoriesByNum[$targetNum] is not checked to exist; an unknown targetNum
    // yields a null parentNum here and below - confirm the caller guarantees a real id.
    $parentNum = $position == 'child' ? $targetNum : $categoriesByNum[$targetNum]['parentNum'];

    // Source cannot be made a child of its decendent.
    // Walks up from the target's parent; the target itself is not compared, so
    // sourceNum == targetNum with position 'child' is not caught here (NOTE(review): confirm the UI prevents it).
    $currParentNum = $categoriesByNum[$targetNum]['parentNum'];
    while ($currParentNum) {
        if ($currParentNum == $sourceNum) {
            redirectBrowserToURL("?menu={$tableName}", true);
            exit;
        }
        $currParentNum = $categoriesByNum[$currParentNum]['parentNum'];
    }
    $categoriesByNum[$sourceNum]['parentNum'] = $parentNum;

    // Spread the destination branch's siblings out (2, 4, 6, ...) so the source can be
    // slotted in between with +/-1 without colliding; updateCategoryMetadataDrag() presumably
    // renumbers afterwards.
    foreach (array_keys($categoriesByNum) as $num) {
        $category =& $categoriesByNum[$num];
        if ($category['parentNum'] != $parentNum) { continue; } // only modify siblings on branch
        $category['siblingOrder'] = 2 + $category['siblingOrder'] * 2; // double space entries
        unset($category); // drop the reference before it is rebound on the next iteration
    }
    //showme($categoriesByNum[$sourceNum]);
    //showme($categoriesByNum[$targetNum]);
    if ($position == 'child') {
        $categoriesByNum[$sourceNum]['siblingOrder'] = 1; // if adding as child, default to first sibling
    } else {
        if ($position == 'above') {
            $categoriesByNum[$sourceNum]['siblingOrder'] = $categoriesByNum[$targetNum]['siblingOrder'] - 1;
        } else {
            if ($position == 'below') {
                $categoriesByNum[$sourceNum]['siblingOrder'] = $categoriesByNum[$targetNum]['siblingOrder'] + 1;
            }
        }
    }
    //showme($categoriesByNum[$sourceNum]);
    //showme($categoriesByNum[$targetNum]);

    // save new sibling order
    foreach ($categoriesByNum as $num => $category) {
        if ($category['oldSiblingOrder'] == $category['siblingOrder']) { continue; } // skip if order didn't change
        $query = "UPDATE `{$escapedTableName}` SET ";
        $query .= "`siblingOrder` = '" . mysql_escape($category['siblingOrder']) . "' ";
        $query .= "WHERE num = '{$category['num']}'"; // num comes from the DB row, not from the request
        //showme($query);
        mysql_query($query) or die("There was an error updating the category metadata:\n\n" . htmlencode(mysql_error()) . "\n");
    }
    //exit;

    // save new parent
    $query = "UPDATE `{$escapedTableName}` SET ";
    $query .= "`parentNum` = '" . mysql_escape($parentNum) . "' ";
    $query .= "WHERE num = '{$sourceNum}'"; // $sourceNum passed the is_numeric() check above
    mysql_query($query) or die("There was an error updating the category metadata:\n\n" . htmlencode(mysql_error()) . "\n");

    // update global order, etc
    updateCategoryMetadataDrag();

    // refresh page
    redirectBrowserToURL("?menu={$tableName}", true);
    exit;
}
/**
 * Ajax handler that validates a field definition posted from the field editor
 * and, if valid, writes it to MySQL and then to the schema.
 *
 * Any output is treated as an error by the calling JavaScript, so the function
 * prints the accumulated error text and exits on failure, and outputs nothing
 * on success. Reads and mutates $_REQUEST (newFieldname, customColumnType,
 * separator* keys, label) before handing off to _updateMySQL() / _updateSchema().
 *
 * Globals: $schema (read here, passed to _updateSchema()).
 */
function submitFormViaAjax() {
    global $schema;
    //
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    //
    disableInDemoMode('', 'ajax');

    // auto-assign separator and relatedRecords fieldnames
    // NOTE(review): $_REQUEST['type'] / ['fieldname'] are read without isset(); a missing key raises a notice here.
    if ($_REQUEST['type'] == 'separator' || $_REQUEST['type'] == 'relatedRecords') {
        if ($_REQUEST['fieldname'] == '') { // new field
            // pick the first unused "__{type}NNN__" name (001, 002, ...)
            $newFieldname = '';
            $count = '001';
            while (!$newFieldname || array_key_exists($newFieldname, $schema)) {
                $newFieldname = "__{$_REQUEST['type']}{$count}__";
                $count = str_pad(++$count, 3, '0', STR_PAD_LEFT);
            }
            $_REQUEST['newFieldname'] = $newFieldname;
        } else {
            $_REQUEST['newFieldname'] = $_REQUEST['fieldname'];
        }
    }

    // support MySQL Column Type dropdown supplying a value
    if (@$_REQUEST['customColumnType-select'] !== '_customColumnType_') {
        $_REQUEST['customColumnType'] = @$_REQUEST['customColumnType-select'];
    }

    // Separator - Use label for header
    if ($_REQUEST['type'] == 'separator' && @$_REQUEST['label'] != '') {
        $_REQUEST['separatorType'] = 'header bar';
        $_REQUEST['separatorHeader'] = $_REQUEST['label'];
        $_REQUEST['label'] = ''; // blank out label so we don't save it
    }

    // Note: 'order' is a MySQL keyword that causes errors if not escaped, that's why it's reserved
    $reservedFieldnames = "menu menuName menuType menuOrder menuHidden tableHidden listPageFields listPageOrder listPageSearchFields length order action page"; // _fields aren't allow by default
    $fieldnameChanged = $_REQUEST['fieldname'] && $_REQUEST['fieldname'] != $_REQUEST['newFieldname'];
    // NOTE(review): the raw newFieldname is interpolated into a PCRE pattern (inside \Q..\E)
    // before the character-set check below runs; a value containing "\E" ends the quoting and
    // can make preg_match() warn and return false. The character-set check rejects such names
    // anyway, so the effect is a stray warning in the ajax output rather than a bypass; a
    // case-insensitive in_array() over explode(' ', $reservedFieldnames) would avoid it.
    $isFieldnameReserved = preg_match("/\\b\\Q{$_REQUEST['newFieldname']}\\E\\b/i", $reservedFieldnames);
    // system columns whose field type is fixed
    $typeNoneFields = array('num', 'createdDate', 'createdByUserNum', 'updatedDate', 'updatedByUserNum', 'dragSortOrder');
    $typeDateFields = array('publishDate', 'removeDate');
    $typeCheckboxFields = array('neverRemove', 'hidden');

    // error checking
    $errors = '';
    if (@$_REQUEST['tableName'] == '') { $errors .= "no 'tableName' specified!\n"; }
    if (@$_REQUEST['type'] == '') { $errors .= "no field 'type' specified!\n"; }
    if (!$_REQUEST['type']) { $errors .= "You must enter a value for 'Field Type'\n"; }
    if (!@$_REQUEST['newFieldname']) {
        $errors .= "You must enter a value for 'Field Name'\n";
    } elseif (preg_match('/[^a-z0-9\\_\\-]/i', $_REQUEST['newFieldname'])) {
        $errors .= "'Field Name' can only contain the following characters (a-z, A-Z, 0-9, - and _)\n";
    } elseif (preg_match('/^_/i', $_REQUEST['newFieldname']) && $_REQUEST['type'] != 'separator' && $_REQUEST['type'] != 'relatedRecords') {
        $errors .= "'Field Name' cannot start with an underscore\n";
    } elseif ($isFieldnameReserved) {
        $errors .= "Selected fieldname is reserved, please choose another.\n";
    } elseif ($fieldnameChanged && @$schema[$_REQUEST['newFieldname']]) {
        $errors .= "Selected fieldname is already in use, please choose another.\n";
    }
    if (@$_REQUEST['useCustomUploadDir']) {
        // trailing-slash checks for the custom upload dir/url are disabled (kept for reference)
        # if (!preg_match('/\/$/', $_REQUEST['customUploadDir'])) { $errors .= "Upload Directory Path must end with a slash! (eg: products/ or /www/htdocs/uploads/products/)\n"; }
        # if (!preg_match('/\/$/', $_REQUEST['customUploadUrl'])) { $errors .= "Upload Folder Url must end with a slash! (eg: products/ or /www/htdocs/uploads/products/)\n"; }
    }
    if (in_array($_REQUEST['newFieldname'], $typeNoneFields) && $_REQUEST['type'] != 'none') { $errors .= "Field '{$_REQUEST['newFieldname']}' must be set to type 'none'\n"; }
    if (in_array($_REQUEST['newFieldname'], $typeDateFields) && $_REQUEST['type'] != 'date') { $errors .= "Field '{$_REQUEST['newFieldname']}' must be set to type 'date'\n"; }
    if (in_array($_REQUEST['newFieldname'], $typeCheckboxFields) && $_REQUEST['type'] != 'checkbox') { $errors .= "Field '{$_REQUEST['newFieldname']}' must be set to type 'checkbox'\n"; }
    if ($_REQUEST['type'] == 'textfield' && @$_REQUEST['charsetRule'] && preg_match("/\\-./", @$_REQUEST['charset'])) {
        $errors .= "Allowed Content: If character list contains a dash it must be the last character!\n";
    }
    if ($_REQUEST['type'] == 'upload' || $_REQUEST['type'] == 'wysiwyg') {
        if (@$_REQUEST['resizeOversizedImages']) {
            if ($_REQUEST['maxImageHeight'] == '') { $errors .= "Resize images: Please specify a value for Max Image Height!\n"; }
            if (preg_match('/[^0-9\\_]/i', $_REQUEST['maxImageHeight'])) { $errors .= "Resize images: Max Image Height must be a numeric value!\n"; }
            if ($_REQUEST['maxImageWidth'] == '') { $errors .= "Resize images: Please specify a value for Max Image Width!\n"; }
            if (preg_match('/[^0-9\\_]/i', $_REQUEST['maxImageWidth'])) { $errors .= "Resize images: Max Image Width must be a numeric value!\n"; }
        }
        // thumbnail sets: '' is the first set (createThumbnails / maxThumbnailHeight), then 2, 3, 4
        foreach (array('', 2, 3, 4) as $num) {
            if (@$_REQUEST["createThumbnails{$num}"]) {
                $fieldLabel = "Create thumbnail" . ($num ? "({$num})" : '');
                if ($_REQUEST["maxThumbnailHeight{$num}"] == '') { $errors .= "{$fieldLabel}: Please specify a value for Max Image Height!\n"; }
                if (preg_match('/[^0-9\\_]/i', $_REQUEST["maxThumbnailHeight{$num}"])) { $errors .= "{$fieldLabel}: Max Image Height must be a numeric value!\n"; }
                if ($_REQUEST["maxThumbnailWidth{$num}"] == '') { $errors .= "{$fieldLabel}: Please specify a value for Max Image Width!\n"; }
                if (preg_match('/[^0-9\\_]/i', $_REQUEST["maxThumbnailWidth{$num}"])) { $errors .= "{$fieldLabel}: Max Image Width must be a numeric value!\n"; }
            }
        }
    }
    if ($errors) { print $errors; exit; }

    // update mysql first to get any MySQL errors before updating schema
    _updateMySQL();
    //
    _updateSchema($schema);
}
<?php global $tableName, $schema, $escapedTableName, $isMyAccountMenu; // Check if old record exists and load it $query = mysql_escapef("SELECT * FROM `{$escapedTableName}` WHERE num = ? LIMIT 1", @$_REQUEST['num']); $oldRecord = mysql_get_query($query); $recordExists = $oldRecord; $isNewRecord = !$oldRecord; // doAction('record_presave', $tableName, $isNewRecord, $oldRecord); // $mySqlColsAndTypes = getMySqlColsAndType($escapedTableName); $newRecordValues = _getRecordValuesFromFormInput(); ### Security Checks security_dieUnlessPostForm(); security_dieUnlessInternalReferer(); security_dieOnInvalidCsrfToken(); ### error checking $inputErrors = ''; $maxRecordError = $recordExists ? '' : showMaxRecordsError('returnText'); if ($maxRecordError) { $inputErrors = $maxRecordError; } elseif (@$schema['_disableAdd'] && !$recordExists) { $inputErrors = t('Adding records has been disabled for this section!') . "\n"; } elseif (@$schema['_disableModify'] && $recordExists) { $inputErrors = t('Modifying records has been disabled for this section!') . "\n"; } else { $inputErrors = _getInputValidationErrors($mySqlColsAndTypes, $newRecordValues); } if ($inputErrors) { die($inputErrors);
/**
 * Handles the admin login menu: logoff, login form submission, loading the
 * current user from the login cookie, and showing the login screen when no
 * valid user is present.
 *
 * Actions ($_REQUEST['action']): 'logoff' ends the session and exits;
 * 'loginSubmit' (POST + internal referer + CSRF token) sets the login cookie
 * from username/password. Afterwards the user is loaded from the cookie; any
 * login error is alerted, the cookie removed and the login screen shown.
 * Returns normally only for a logged-in user (after refreshing the cookie
 * and optionally redirecting to $_REQUEST['redirectUrl']).
 *
 * Globals: $CURRENT_USER (written).
 */
function adminLoginMenu() {
    global $CURRENT_USER;

    // login menu actions
    $action = @$_REQUEST['action'];
    if ($action == 'logoff') { user_logoff(); exit; }
    if ($action == 'loginSubmit') {
        security_dieUnlessPostForm();
        security_dieUnlessInternalReferer();
        security_dieOnInvalidCsrfToken();
        foreach (array('username', 'password') as $field) {
            // v2.52 remove leading and trailing whitespace (for usability, users accidentally add whitespace)
            $_REQUEST[$field] = preg_replace("/^\\s+|\\s+\$/s", '', @$_REQUEST[$field]);
        }
        // the digest, not the plaintext password, is handed to the cookie
        loginCookie_set(@$_REQUEST['username'], getPasswordDigest(@$_REQUEST['password']));
    }

    // load current user - $loginExpired is filled in by reference
    $CURRENT_USER = getCurrentUser($loginExpired);

    // report any errors
    $errors = '';
    if ($loginExpired) {
        $errors .= t("You've been logged out due to inactivity, please login again to continue.");
    } else {
        if (!$CURRENT_USER && $action == 'loginSubmit') {
            $errors .= t("Invalid username or password");
        } else {
            if (@$CURRENT_USER['disabled']) {
                $errors .= t("Your account has been disabled.");
            } else {
                if (@$CURRENT_USER['isExpired']) {
                    $errors .= t("Your account has expired.");
                }
            }
        }
    }
    if ($errors) {
        alert($errors);
        loginCookie_remove(); // if data in login cookie is invalid, remove login cookie so we don't keep checking it
        $CURRENT_USER = false; // if login is invalid, clear user variable
        usleep(mt_rand(1000000, 3000000)); // sleep somewhere between 1-3 seconds to delay brute force attacks (random sleep time makes it so attacker can't assume slow response is failed password)
    }

    // if no logged in user
    if (!$CURRENT_USER) {
        // perform login screen maintenance actions - useful place to run common operations
        if (!$action) {
            createMissingSchemaTablesAndFields(); // create/update missing schemas, etc
            // show helpful messages
            if (!mysql_count('accounts')) { alert(t("There are no user accounts in the database.")); }
        }
        // show login screen if user not logged in
        showInterface('login.php', false);
        exit;
    }

    // if user logged in
    if ($CURRENT_USER) {
        // reset login cookie (to update lastAccess time used to track session expiry)
        // NOTE(review): here the stored $CURRENT_USER['password'] is passed through getPasswordDigest(),
        // whereas loginSubmit above digests the submitted plaintext - presumably getCurrentUser()
        // accepts both forms; confirm before changing either call.
        loginCookie_set(@$CURRENT_USER['username'], getPasswordDigest(@$CURRENT_USER['password']));

        // redirect to last url - on valid login
        // NOTE(review): redirectUrl is taken from the request unvalidated; unless redirectBrowserToURL()
        // restricts it to a local path this is an open redirect after a successful login - confirm.
        $redirectUrl = @$_REQUEST['redirectUrl'];
        if ($redirectUrl) {
            redirectBrowserToURL($redirectUrl, true);
            exit;
        }
    }
}
/**
 * Ajax handler that creates a new section (menu): builds its schema from a
 * copied section, a preset file or one of the built-in custom presets,
 * creates the MySQL table and saves the schema.
 *
 * Request params: menuType ('copy' | 'preset' | 'single' | 'multi' |
 * 'advanced'), menuName, tableName, plus copy / preset / advancedType
 * depending on menuType. Errors are die()d as plain text; success outputs
 * nothing (see addTable_functions.js - initSubmitFormWithAjax) and exits.
 *
 * Globals: $TABLE_PREFIX (read), $APP (declared).
 */
function addTable() {
    global $TABLE_PREFIX, $APP;
    $menuType        = @$_REQUEST['menuType'];
    $presetTableName = @$_REQUEST['presetName'];
    $advancedType    = @$_REQUEST['advancedType'];
    //
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    //
    disableInDemoMode('', 'ajax');

    // error checking
    $errors = '';
    if (!$menuType)                { $errors .= "No menu type selected!\n"; }
    if (!@$_REQUEST['menuName'])   { $errors .= "No menu name specified!\n"; }
    $errors .= getTablenameErrors(@$_REQUEST['tableName']);

    $newSchema = null;
    if ($menuType == 'copy') {
        // copy: the source must be an existing schema table
        if ($errors) { die($errors); }
        $sourceSchemaName = @$_REQUEST['copy'];
        if (!in_array($sourceSchemaName, getSchemaTables())) { die("Couldn't load source schema"); }
        $newSchema = loadSchema($sourceSchemaName);
        if (!$newSchema) { die("Couldn't load source schema"); }
    } else {
        $presetKey = @$_REQUEST['preset'];
        if ($menuType == 'preset') {
            $schemaPresets = getSchemaPresets();
            if (!$presetKey) {
                $errors .= "You must select a preset from the pulldown!\n";
            } elseif (!array_key_exists($presetKey, $schemaPresets)) {
                $errors .= "No schema preset file found for '" . htmlencode($presetTableName) . "'\n";
            }
        }
        if ($errors) { die($errors); }

        // create new schema data - resolve which preset file to load
        $presetByMenuType = array(
            'single' => 'customSingle',
            'multi'  => 'customMulti',
        );
        $presetByAdvancedType = array(
            'category'  => 'customCategory',
            'textlink'  => 'customTextLink',
            'menugroup' => 'customMenuGroup',
        );
        if ($menuType == 'preset') {
            $presetTableName = $presetKey;
        } elseif (isset($presetByMenuType[$menuType])) {
            $presetTableName = $presetByMenuType[$menuType];
        } elseif ($menuType == 'advanced' && isset($presetByAdvancedType[$advancedType])) {
            $presetTableName = $presetByAdvancedType[$advancedType];
        } else {
            die("Unable to determine preset table name to load!");
        }
        $schemaPresetDir = DATA_DIR . "/schemaPresets/";
        $newSchema = loadSchema($presetTableName, $schemaPresetDir);
        if (!$newSchema) { die("Couldn't load preset schema"); }
    }

    $newSchema['menuName']  = @$_REQUEST['menuName']; // change menu name
    $newSchema['menuOrder'] = time();                  // use time to sort to bottom

    // create mysql table
    // (this isn't required but done here so we catch get mysql errors creating the table)
    // createMissingSchemaTablesAndFields() creates if this doesn't.
    $tableNameWithPrefix = $TABLE_PREFIX . @$_REQUEST['tableName'];
    $createSql = "CREATE TABLE `" . mysql_escape($tableNameWithPrefix) . "` (\n num int(10) unsigned NOT NULL auto_increment,\n PRIMARY KEY (num)\n ) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
    if (!mysql_query($createSql)) {
        print "Error creating MySQL table.\n\nMySQL error was: " . htmlencode(mysql_error()) . "\n";
        exit;
    }

    // save new schema
    saveSchema(@$_REQUEST['tableName'], $newSchema);

    // Create schema table and fields in MySQL
    createMissingSchemaTablesAndFields();
    clearAlertsAndNotices(); // don't display alerts about adding new fields
    exit; // this is called with ajax so returning nothing means success - see: addTable_functions.js - initSubmitFormWithAjax
}
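/**
 * Ajax handler that removes one upload record via removeUploads().
 *
 * The WHERE clause selects the row by its `num` ($_REQUEST['uploadNum']),
 * its owner (`recordNum` = $_REQUEST['num'], or `preSaveTempId` for a record
 * not saved yet), the current section's table ($tableName) and the posted
 * fieldName, so the deletion is limited to the section being edited.
 *
 * POST-only; internal referer and CSRF token are enforced. Any output is
 * shown as an error by the calling JavaScript, so success prints nothing.
 * Never returns (exit / die).
 *
 * Globals: $tableName, $escapedTableName (read).
 */
function eraseUpload() {
    global $tableName, $escapedTableName;
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    //
    disableInDemoMode('', 'ajax');

    // error checking
    if (!array_key_exists('fieldName', $_REQUEST)) { die("no 'fieldName' value specified!"); }
    if (!array_key_exists('uploadNum', $_REQUEST)) { die("no 'uploadNum' value specified!"); }

    // owner of the upload: saved record by num, unsaved record by preSaveTempId.
    // isset() rather than a bare index so a missing key doesn't raise a notice that
    // would be returned to the browser as an error.
    $recordNum     = isset($_REQUEST['num'])           ? $_REQUEST['num']           : '';
    $preSaveTempId = isset($_REQUEST['preSaveTempId']) ? $_REQUEST['preSaveTempId'] : '';
    if ($recordNum) {
        $where = "recordNum = '" . mysql_escape($recordNum) . "' AND ";
    } elseif ($preSaveTempId) {
        $where = "preSaveTempId = '" . mysql_escape($preSaveTempId) . "' AND ";
    } else {
        die("No value specified for 'num' or 'preSaveTempId'!");
    }
    $where .= "num = '" . mysql_escape($_REQUEST['uploadNum']) . "' AND ";
    $where .= "tableName = '" . mysql_escape($tableName) . "' AND ";
    $where .= "fieldName = '" . mysql_escape($_REQUEST['fieldName']) . "'";

    $count = removeUploads($where);
    //
    if ($count == 0) { die("Upload not found!"); }

    // this function is called via ajax, any output will be returns as errors with javascript alert
    exit;
}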
/**
 * Validates and saves the admin "General Settings" form.
 *
 * Runs the security checks, validates licence id, program URL, website
 * prefix URL, upload URL, admin email, HTTPS / IP restriction and session
 * values (each problem is queued with alert()), and re-shows the form if any
 * alert is pending. Otherwise every key of $SETTINGS (and of the 'advanced'
 * and 'wysiwyg' sub-arrays) that is present in $_REQUEST is overwritten with
 * the posted value, the settings file is written and the caller's page shown.
 *
 * @param string $savePagePath interface page to show after saving
 * Globals: $SETTINGS (written), $APP (declared).
 */
function admin_saveSettings($savePagePath) {
    global $SETTINGS, $APP;

    // error checking
    clearAlertsAndNotices(); // so previous alerts won't prevent saving of admin options

    // security checks
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    //
    disableInDemoMode('settings', $savePagePath);

    # license error checking
    if (array_key_exists('licenseProductId', $_REQUEST)) {
        if (!isValidProductId($_REQUEST['licenseProductId'])) {
            alert("Invalid Product License ID!");
        } else {
            // only re-register when the id actually changed
            if ($SETTINGS['licenseProductId'] != $_REQUEST['licenseProductId']) {
                $SETTINGS['licenseCompanyName'] = $_REQUEST['licenseCompanyName']; // update settings
                $SETTINGS['licenseDomainName'] = $_REQUEST['licenseDomainName']; // ...
                $SETTINGS['licenseProductId'] = $_REQUEST['licenseProductId']; // ...
                $isValid = register(); // validate productId (and save new settings)
                if (!$isValid) {
                    redirectBrowserToURL('?menu=admin', true);
                    exit;
                }
            }
        }
    }

    # program url / adminUrl
    if (array_key_exists('adminUrl', $_REQUEST)) {
        if (!preg_match('/^http/i', $_REQUEST['adminUrl'])) { alert("Program URL must start with http:// or https://<br/>\n"); }
        if (preg_match('/\\?/i', $_REQUEST['adminUrl'])) { alert("Program URL can not contain a ?<br/>\n"); }
    }

    # webPrefixUrl - v2.53
    if (@$_REQUEST['webPrefixUrl'] != '') {
        if (!preg_match("|^(\\w+:/)?/|", $_REQUEST['webPrefixUrl'])) { alert(t("Website Prefix URL must start with /") . "<br/>\n"); }
        if (preg_match("|/\$|", $_REQUEST['webPrefixUrl'])) { alert(t("Website Prefix URL cannot end with /") . "<br/>\n"); }
    }

    # upload url/dir
    // the trailing-slash / scheme checks below are disabled; uploadUrl is normalised by chop() instead
    if (array_key_exists('uploadDir', $_REQUEST)) {
        # if (!preg_match('/\/$/', $_REQUEST['uploadDir'])) { alert("Upload Directory must end with a slash! (eg: /www/htdocs/uploads/)<br/>\n"); }
    }
    if (array_key_exists('uploadUrl', $_REQUEST)) {
        # if (preg_match('/^\w+:\/\//', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must be the web path only without a domain (eg: /uploads/)<br/>\n"); }
        # else if (!preg_match('/^\//', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must start with a slash! (eg: /uploads/)<br/>\n"); }
        # if (!preg_match('/\/$/', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must end with a slash! (eg: /uploads/)<br/>\n"); }
        $_REQUEST['uploadUrl'] = chop($_REQUEST['uploadUrl'], '\\\\/'); // remove trailing slashes
    }

    # admin email
    if (array_key_exists('adminEmail', $_REQUEST) && !isValidEmail($_REQUEST['adminEmail'])) { alert("Admin Email must be a valid email (example: user@example.com)<br/>\n"); }

    // error checking - require HTTPS
    if (@$_REQUEST['requireHTTPS'] && !isHTTPS()) { alert("Require HTTPS: You must be logged in with a secure HTTPS url to set this option!<br/>\n"); }

    // error checking - restrict by IP (the current client must be in the allowed list so the admin can't lock themselves out)
    if (@$_REQUEST['restrictByIP'] && !isIpAllowed(true, @$_REQUEST['restrictByIP_allowed'])) { alert(t("Restrict IP Access: You current IP address must be in the allowed IP list!") . "<br/>\n"); }

    // error checking - session values
    $sessionErrors = getCustomSessionErrors(@$_REQUEST['session_cookie_domain'], @$_REQUEST['session_save_path']);
    if ($sessionErrors) { alert($sessionErrors); }

    # show errors
    if (alert()) {
        showInterface('admin/general.php');
        exit;
    }

    ### update global settings
    // NOTE(review): this copies every posted key whose name already exists in $SETTINGS, so the set
    // of writable settings is defined by the settings file rather than by the form - confirm nothing
    // that should only change through a dedicated path (e.g. the licence fields above) is reachable here.
    $globalSettings =& $SETTINGS;
    foreach (array_keys($globalSettings) as $key) {
        if (array_key_exists($key, $_REQUEST)) { $globalSettings[$key] = $_REQUEST[$key]; }
    }

    # update subsection settings
    $subsections = array('advanced', 'wysiwyg');
    foreach ($subsections as $subsection) {
        $sectionSettings =& $SETTINGS[$subsection];
        foreach (array_keys($sectionSettings) as $key) {
            if (array_key_exists($key, $_REQUEST)) { $sectionSettings[$key] = $_REQUEST[$key]; }
        }
    }

    # save to file
    saveSettings();

    # return to admin home
    notice('Settings have been saved.');
    showInterface($savePagePath);
}
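/**
 * Ajax handler that removes a field from a section: drops it from the schema,
 * drops the MySQL column if one exists, and detaches any uploads stored for
 * it (their fieldName is blanked so the upload form can purge them later).
 *
 * Request params: tableName (prefixed - getTableNameWithoutPrefix() is applied
 * for the uploads lookup), fieldname. Any output is shown as an error by the
 * calling JavaScript, so success prints nothing. Never returns (exit / die).
 *
 * Globals: $TABLE_PREFIX (read), $schema (modified and saved).
 */
function eraseField() {
    global $TABLE_PREFIX, $schema;
    //
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    //
    disableInDemoMode('', 'ajax');

    // isset() so a missing key fails with the message below instead of a notice in the ajax output
    $tableName = isset($_REQUEST['tableName']) ? $_REQUEST['tableName'] : '';
    $fieldname = isset($_REQUEST['fieldname']) ? $_REQUEST['fieldname'] : '';
    if (!$tableName) { die("no tableName specified!\n"); }
    if (!$fieldname) { die("no fieldname specified!\n"); } // previously reported 'tableName' for a missing fieldname

    // erase from schema
    unset($schema[$fieldname]);
    saveSchema($tableName, $schema);

    // erase from mySQL - only when a column of that name actually exists
    // NOTE(review): mysql_escape() does not escape backticks; confirm tableName/fieldname are
    // restricted to identifier characters before this point (the field editor enforces a-z0-9_- on save).
    $columnType = getMysqlColumnType($tableName, $fieldname);
    if ($columnType != '') {
        mysql_query("ALTER TABLE `" . mysql_escape($tableName) . "`\n DROP COLUMN `" . mysql_escape($fieldname) . "`")
            or die("There was an error removing the MySQL Column, the error was:\n\n" . htmlencode(mysql_error()) . "\n");
    }

    // expire uploads (mark files for erasing by blanking out fieldname - they get erased when upload form is submitted)
    $tableNameWithoutPrefix = getTableNameWithoutPrefix($tableName);
    $query  = "UPDATE `{$TABLE_PREFIX}uploads`";
    $query .= " SET fieldName = ''";
    $query .= " WHERE fieldName = '" . mysql_escape($fieldname) . "' AND";
    $query .= " tableName = '" . mysql_escape($tableNameWithoutPrefix) . "'";
    mysql_query($query) or die("There was an error erasing old uploads:\n\n" . htmlencode(mysql_error()) . "\n");

    // this function is called via ajax. Output is returned as errors via javascript alert. Output nothing on success.
    exit;
}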