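// OPML import modes.
define('CST_ADMIN_OPML_IMPORT_WIPE', 1);
define('CST_ADMIN_OPML_IMPORT_FOLDER', 2);
define('CST_ADMIN_OPML_IMPORT_MERGE', 3);

// Admin gate. A caller without an admin-level session either gets the login
// form, or - only while no admin password is stored - the first-run path that
// hands the posted credentials to set_admin_pass().
$auth = rss_user_check_user_level(RSS_USER_LEVEL_ADMIN);
if (!$auth) {
    // check whether the admin password has been set.
    $sql = "select uname,password from " . getTable('users') . " where ulevel=99";
    list($dummy, $__pw__) = rss_fetch_row(rss_query($sql));

    // SECURITY: while the stored password is empty (or no ulevel=99 row is
    // returned), this branch is reachable without authentication: whoever
    // posts username/password first has them passed to set_admin_pass().
    // Finish this step before the install is reachable from untrusted
    // networks, or restrict access to this script until it is done.
    // The explicit string cast makes the "empty" test independent of PHP's
    // loose-comparison rules.
    if ((string) $__pw__ === '') {
        $admin_uname = null;
        $admin_pass = null;
        // Accept the fields only when both are plain strings; array-shaped
        // parameters (username[]=...) are treated as "not submitted".
        if (isset($_POST['username'], $_POST['password'])
            && is_string($_POST['username'])
            && is_string($_POST['password'])
        ) {
            $admin_uname = $_POST['username'];
            $admin_pass = $_POST['password'];
        }
        // NOTE(review): set_admin_pass() is defined outside this view and
        // receives the raw request values - confirm it escapes or
        // parameterises the username and hashes the password before storing.
        set_admin_pass($admin_uname, $admin_pass);
    } else {
        rss_login_form();
        exit;
    }
}

admin_header();
admin_main($auth);
admin_footer();

///////////////////////////////////////////////////////////////////////////////////////////
/**
 * main function. checks for authorization and renders the
 * required admin section.
 */
function admin_main($authorised) {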
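echo "</form>\n</div>\n";
closetable();
// The two braces below close blocks opened before the visible code.
}
}

// Update handler: replaces the dot-separated rights string of one administrator.
// It runs only for a numeric user_id other than 1 and only after the acting
// admin's password passes check_admin_pass().
if (isset($_POST['update_admin']) && (isset($_GET['user_id']) && isnum($_GET['user_id']) && $_GET['user_id'] != 1)) {
    if (check_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "")) {
        // 'rights' comes straight from the request. Accept it only as an array
        // and use only string elements, so a scalar or nested-array parameter
        // cannot reach count()/offset access or be concatenated as "Array".
        // A missing or malformed value is treated as "no rights".
        $posted_rights = (isset($_POST['rights']) && is_array($_POST['rights'])) ? $_POST['rights'] : array();
        $user_rights = "";
        foreach ($posted_rights as $right) {
            if (!is_string($right)) {
                continue;
            }
            $user_rights .= ($user_rights != "" ? "." : "") . stripinput($right);
        }
        // SECURITY: this query is built by string concatenation. Its safety
        // rests on isnum() (user_id) and stripinput() (rights), both defined
        // outside this view.
        // NOTE(review): confirm stripinput() neutralises quotes and backslashes
        // for SQL context; prefer bound parameters if the DB layer offers them.
        // NOTE(review): the posted values are not checked against the
        // admin_rights codes stored in DB_ADMIN, and a "." inside a value
        // becomes a separator when the string is later split with explode(".").
        // Validate each value against the known codes before storing.
        $result = dbquery("UPDATE " . DB_USERS . " SET user_rights='{$user_rights}' WHERE user_id='" . $_GET['user_id'] . "' AND user_level>='102'");
        set_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "");
        redirect(FUSION_SELF . $aidlink . "&status=su", true);
    } else {
        redirect(FUSION_SELF . $aidlink . "&status=pw");
    }
}

// Edit view: loads one administrator (numeric id, never user 1) and the list of
// admin pages. The rest of this branch lies beyond the visible code.
if (isset($_GET['edit']) && isnum($_GET['edit']) && $_GET['edit'] != 1) {
    $result = dbquery("SELECT user_name, user_rights FROM " . DB_USERS . " WHERE user_id='" . $_GET['edit'] . "' AND user_level>='102' ORDER BY user_id");
    if (dbrows($result)) {
        $data = dbarray($result);
        $user_rights = explode(".", $data['user_rights']);
        $result2 = dbquery("SELECT admin_rights, admin_title, admin_page FROM " . DB_ADMIN . " ORDER BY admin_page ASC,admin_title");
        opentable($locale['440'] . " [" . $data['user_name'] . "]");
        $columns = 2;
        $counter = 0;
        $page = 1;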
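// Persist the download settings. Each value goes through form_sanitizer() and
// is written only while FUSION_NULL is undefined.
// NOTE(review): FUSION_NULL looks like the "validation failed" flag (the
// success redirect below is conditioned on it too) - confirm against
// form_sanitizer(), which is defined outside this view.
$download_types = form_sanitizer($_POST['download_types'], '', 'download_types');
$result = !defined('FUSION_NULL') ? dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='{$download_types}' WHERE settings_name='download_types'") : '';
$download_screen_max_w = form_sanitizer($_POST['download_screen_max_w'], 0, 'download_screen_max_w');
$result = !defined('FUSION_NULL') ? dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='{$download_screen_max_w}' WHERE settings_name='download_screen_max_w'") : '';
$download_screen_max_h = form_sanitizer($_POST['download_screen_max_h'], 0, 'download_screen_max_h');
$result = !defined('FUSION_NULL') ? dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='{$download_screen_max_h}' WHERE settings_name='download_screen_max_h'") : '';
// Stored byte limit = posted amount (calc_bb) times posted unit multiplier (calc_cc).
$download_screen_max_b = form_sanitizer($_POST['calc_bb'], 200, 'calc_bb') * form_sanitizer($_POST['calc_cc'], 1000, 'calc_cc');
$result = !defined('FUSION_NULL') ? dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='{$download_screen_max_b}' WHERE settings_name='download_screen_max_b'") : '';

// The three writes below previously ran even when validation had failed,
// unlike the four above. They now use the same FUSION_NULL guard, so a
// rejected submission changes no setting and no unvalidated value reaches
// the string-built SQL.
// The thumbnail sizes keep their original isnum() fallback to "100".
$download_thumb_max_h = form_sanitizer($_POST['download_thumb_max_h'], 100, 'download_thumb_max_h');
$result = !defined('FUSION_NULL') ? dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['download_thumb_max_h']) ? $_POST['download_thumb_max_h'] : "100") . "' WHERE settings_name='download_thumb_max_h'") : '';
$download_thumb_max_w = form_sanitizer($_POST['download_thumb_max_w'], 100, 'download_thumb_max_w');
$result = !defined('FUSION_NULL') ? dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['download_thumb_max_w']) ? $_POST['download_thumb_max_w'] : "100") . "' WHERE settings_name='download_thumb_max_w'") : '';
$download_screenshot = form_sanitizer($_POST['download_screenshot'], 0, 'download_screenshot');
$result = !defined('FUSION_NULL') ? dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='{$download_screenshot}' WHERE settings_name='download_screenshot'") : '';

// NOTE(review): every query above interpolates values into SQL text; whether
// form_sanitizer() output is safe inside a quoted SQL literal cannot be
// confirmed from the visible code. Verify, or switch to bound parameters if
// the DB layer supports them.
if (!defined('FUSION_NULL')) {
    set_admin_pass($admin_password);
    redirect(FUSION_SELF . $aidlink . "&error=0");
}
// The two braces below close blocks opened before the visible code.
// NOTE(review): $admin_password is assigned there - confirm that the enclosing
// condition verifies it before any write happens.
}
}

// Load all settings into a name => value map.
$settings2 = array();
$result = dbquery("SELECT * FROM " . DB_SETTINGS);
while ($data = dbarray($result)) {
    $settings2[$data['settings_name']] = $data['settings_value'];
}

// Returns the first unit multiplier (1, 1000, 1000000) for which the byte
// count divided by it is at most 999. The rest of the function lies beyond
// the visible code.
function calculate_byte($download_max_b) {
    $calc_opts = array(1 => 'Bytes (bytes)', 1000 => 'KB (Kilobytes)', 1000000 => 'MB (Megabytes)');
    foreach ($calc_opts as $byte => $val) {
        if ($download_max_b / $byte <= 999) {
            return $byte;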