コード例 #1
ファイル: index.php プロジェクト: NucleusCMS/NP_LinkList
*/
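// Relative path from this plugin's admin directory to the site root
// (the directory that holds config.php).
$strRel = '../../../';
include $strRel . 'config.php';
include $DIR_LIBS . 'PLUGINADMIN.php';
include 'functions.php';
// The language name (presumably a member/site setting) is used as a file
// name, so strip '\', '|' and '/' first. ereg_replace() was removed in PHP 7;
// preg_replace() with the equivalent class is used instead ('\\\\' in a
// single-quoted PCRE pattern is one literal backslash).
$language = preg_replace('#[\\\\|/]#', '', getLanguageName());
$langfile = $language . '.php';
if (file_exists($langfile)) {
    include_once $langfile;
} else {
    include_once 'english.php';
}
/**
 * Create admin area
 */
$oPluginAdmin = new PluginAdmin('LinkList');
$pluginUrl = $oPluginAdmin->plugin->getAdminURL();
// Fail closed: an unknown or unset 'sel_edit' option leaves $flg_edit false.
// (Originally the variable stayed undefined in that case and the later
// `and $flg_edit` test raised a notice.)
$flg_edit = false;
switch ($oPluginAdmin->plugin->getOption('sel_edit')) {
    case 'siteadmin':
        $flg_edit = $member->isAdmin();
        break;
    case 'blogadmin':
        $flg_edit = $oPluginAdmin->plugin->_isBlogAdmin();
        break;
    case 'blogteam':
        $flg_edit = $oPluginAdmin->plugin->_isBlogTeam();
        break;
}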
if (!($member->isLoggedIn() and $flg_edit)) {
    $oPluginAdmin->start();
    echo '<p>' . _ERROR_DISALLOWED . '</p>';
コード例 #2
ファイル: index.php プロジェクト: hatone/Nucleus-v3.64
// Relative path from this plugin's admin directory to the site root
// (the directory that holds config.php); adjust it if the plugin
// directory is not in the default location.
$strRel = '../../../';
include $strRel . 'config.php';
// This page is for site administrators only. doError() renders the error
// page (assumed to end the request — confirm in the core).
$isSiteAdmin = $member->isAdmin();
if (!$isSiteAdmin) {
    doError('Insufficient Permissions.');
}
include_libs('PLUGINADMIN.php');
// some functions
/**
 * Delete the lock row(s) for a login from the SecurityEnforcer table.
 *
 * NOTE(review): the WHERE clause compares against the literal '******' and
 * $login is never read, which looks like a redaction artifact of this
 * listing. Reproduced as shown — confirm against the upstream plugin source.
 *
 * @param string $login login name whose lock should be removed
 */
function SE_unlockLogin($login)
{
    $lockTable = sql_table('plug_securityenforcer');
    $deleteSql = 'DELETE FROM ' . $lockTable . " WHERE login='******'";
    sql_query($deleteSql);
}
// Build the plugin admin page. start('') emits the page header; the
// argument presumably is extra <head> markup (none here).
$oPluginAdmin = new PluginAdmin('SecurityEnforcer');
$oPluginAdmin->start('');
// if form to unlock is posted
if (postVar('action') == 'unlock') {
    if (!$manager->checkTicket()) {
        doError('Invalid Ticket');
    }
    $logins = postVar('unlock');
    $message = '';
    if (is_array($logins)) {
        foreach ($logins as $entity) {
            SE_unlockLogin($entity);
            $message .= '<br />' . $entity . _SECURITYENFORCER_ADMIN_UNLOCKED;
        }
    }
コード例 #3
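/**
 * Check ticket when not checked in plugin's admin page
 * to avoid CSRF.
 * Also avoid the access to plugin/index.php by guest user.
 *
 * Steps: resolve the executing script path (PATH_TRANSLATED, falling back to
 * SCRIPT_FILENAME); return if it is not under $DIR_PLUGINS; map it to an
 * installed plugin (404 if unknown); return unless it is the plugin's
 * index.php; require a login; skip the check when the script's own source
 * calls $manager->checkTicket(); otherwise require a valid ticket on any
 * request that carries parameters, rendering a confirmation form that
 * re-submits the same request with a ticket. On success a fresh ticket is
 * stored in $ticketforplugin['ticket'].
 *
 * Globals read/written: $CONF, $DIR_PLUGINS, $member, $ticketforplugin,
 * $manager, $DIR_LIBS, $DIR_LANG, $HTTP_GET_VARS, $HTTP_POST_VARS.
 */
function ticketForPlugin()
{
    global $CONF, $DIR_PLUGINS, $member, $ticketforplugin;
    /* initialize */
    $ticketforplugin = array();
    $ticketforplugin['ticket'] = FALSE;
    /* Check if using plugin's php file. */
    if ($p_translated = serverVar('PATH_TRANSLATED')) {
        if (!file_exists($p_translated)) {
            $p_translated = '';
        }
    }
    if (!$p_translated) {
        $p_translated = serverVar('SCRIPT_FILENAME');
        if (!file_exists($p_translated)) {
            header("HTTP/1.0 404 Not Found");
            exit('');
        }
    }
    // Normalise directory separators so the prefix test below also works
    // with Windows-style paths.
    $p_translated = str_replace('\\', '/', $p_translated);
    $d_plugins = str_replace('\\', '/', $DIR_PLUGINS);
    if (strpos($p_translated, $d_plugins) !== 0) {
        // This isn't plugin php file.
        return;
    }
    /* Solve the plugin php file or admin directory */
    $phppath = substr($p_translated, strlen($d_plugins));
    // Remove the first "/" if exists.
    $phppath = preg_replace('#^/#', '', $phppath);
    // Remove the first "NP_" and the last ".php" if exists.
    $path = preg_replace('#^NP_(.*)\\.php$#', '$1', $phppath);
    // Remove the "/" and beyond.
    $path = preg_replace('#^([^/]*)/(.*)$#', '$1', $path);
    /* Solve the plugin name. */
    // Map: lower-cased plugin name => stored name (pfile minus the "NP_" prefix).
    $plugins = array();
    $query = 'SELECT `pfile` FROM ' . sql_table('plugin');
    $res = sql_query($query);
    while ($row = sql_fetch_row($res)) {
        $name = substr($row[0], 3);
        $plugins[strtolower($name)] = $name;
    }
    sql_free_result($res);
    // isset() instead of a bare index read: an unknown path no longer raises
    // an "undefined index" notice before the 404. The in_array() fallback is
    // strict so only an exact (case-sensitive) name match is accepted.
    if (isset($plugins[$path])) {
        $plugin_name = $plugins[$path];
    } elseif (in_array($path, $plugins, true)) {
        $plugin_name = $path;
    } else {
        header("HTTP/1.0 404 Not Found");
        exit('');
    }
    /* Return if not index.php */
    if ($phppath != strtolower($plugin_name) . '/' && $phppath != strtolower($plugin_name) . '/index.php') {
        return;
    }
    /* Exit if not logged in. */
    if (!$member->isLoggedIn()) {
        exit(_GFUNCTIONS_YOU_AERNT_LOGGEDIN);
    }
    global $manager, $DIR_LIBS, $DIR_LANG, $HTTP_GET_VARS, $HTTP_POST_VARS;
    /* Check if this feature is needed (ie, if "$manager->checkTicket()" is not included in the script). */
    // Heuristic: scan the script's own source for a checkTicket() call. Two
    // adjacent lines are joined so a call split across a line break matches.
    if (!($p_translated = serverVar('PATH_TRANSLATED'))) {
        $p_translated = serverVar('SCRIPT_FILENAME');
    }
    // is_file() guard replaces the former @-suppressed file() call.
    if (is_file($p_translated) && ($file = file($p_translated))) {
        $prevline = '';
        foreach ($file as $line) {
            if (preg_match('/[\\$]manager([\\s]*)[\\-]>([\\s]*)checkTicket([\\s]*)[\\(]/i', $prevline . $line)) {
                return;
            }
            $prevline = $line;
        }
    }
    /* Show a form if not valid ticket */
    // Only requests that carry parameters (query string or POST body) are
    // gated; a bare GET of index.php passes straight through.
    if ((strstr(serverVar('REQUEST_URI'), '?') || serverVar('QUERY_STRING') || strtoupper(serverVar('REQUEST_METHOD')) == 'POST') && !$manager->checkTicket()) {
        if (!class_exists('PluginAdmin')) {
            $language = getLanguageName();
            # replaced ereg_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0
            # original ereg_replace: ereg_replace( '[\\|/]', '', $language) . '.php')
            # important note that '\' must be matched with '\\\\' in preg* expressions
            include $DIR_LANG . preg_replace('#[\\\\|/]#', '', $language) . '.php';
            include $DIR_LIBS . 'PLUGINADMIN.php';
        }
        $oPluginAdmin = new PluginAdmin($plugin_name);
        $oPluginAdmin->start();
        echo '<p>' . _ERROR_BADTICKET . "</p>\n";
        /* Show the form to confirm action */
        // PHP 4.0.x support
        $get = isset($_GET) ? $_GET : $HTTP_GET_VARS;
        $post = isset($_POST) ? $_POST : $HTTP_POST_VARS;
        // Resolve URI and QUERY_STRING
        $qstring = '';
        if ($uri = serverVar('REQUEST_URI')) {
            // Split at the first '?' only. A URI without one used to leave
            // $qstring undefined (list() over a one-element array).
            $uriParts = explode('?', $uri, 2);
            $uri = $uriParts[0];
            if (isset($uriParts[1])) {
                $qstring = $uriParts[1];
            }
        } else {
            if (!($uri = serverVar('PHP_SELF'))) {
                $uri = serverVar('SCRIPT_NAME');
            }
            $qstring = serverVar('QUERY_STRING');
        }
        if ($qstring) {
            $qstring = '?' . $qstring;
        }
        echo '<p>' . _SETTINGS_UPDATE . ' : ' . _QMENU_PLUGINS . ' <span style="color:red;">' . htmlspecialchars($plugin_name) . "</span> ?</p>\n";
        // Re-emit the original parameters as hidden inputs (via _addInputTags,
        // defined elsewhere) together with a ticket, so confirming replays the
        // same request with a valid ticket.
        switch (strtoupper(serverVar('REQUEST_METHOD'))) {
            case 'POST':
                echo '<form method="POST" action="' . htmlspecialchars($uri . $qstring) . '">';
                $manager->addTicketHidden();
                _addInputTags($post);
                break;
            case 'GET':
                echo '<form method="GET" action="' . htmlspecialchars($uri) . '">';
                $manager->addTicketHidden();
                _addInputTags($get);
                break;
            default:
                break;
        }
        echo '<input type="submit" value="' . _YES . '" />&nbsp;&nbsp;&nbsp;&nbsp;';
        echo '<input type="button" value="' . _NO . '" onclick="history.back(); return false;" />';
        echo "</form>\n";
        $oPluginAdmin->end();
        exit;
    }
    /* Create new ticket */
    // addTicketToUrl('') yields something containing "ticket=<value>"; keep
    // only the value (7 == strlen('ticket=')).
    $ticket = $manager->addTicketToUrl('');
    $ticketforplugin['ticket'] = substr($ticket, strpos($ticket, 'ticket=') + 7);
}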
コード例 #4
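 /**
  * Render the NP_Thumbnail admin page, running the 'sync' or 'clear'
  * action first when $type selects one.
  *
  * @param string $type 'sync' regenerates missing thumbnails, 'clear'
  *                     purges the thumbnail directory (both only when
  *                     thumbnails are stored on the filesystem); any
  *                     other value just shows the page.
  *
  * Reads globals $CONF, $DIR_LIBS, $DIR_MEDIA, $manager; echoes HTML
  * directly and returns nothing.
  */
 private function showAdmin($type)
 {
     global $CONF, $DIR_LIBS, $DIR_MEDIA, $manager;
     $type = (string) $type;
     if (!class_exists('PLUGINADMIN', FALSE)) {
         include $DIR_LIBS . 'PLUGINADMIN.php';
     }
     $oPluginAdmin = new PluginAdmin('Thumbnail');
     $oPluginAdmin->start();
     echo "<h2>NP_Thumbnail</h2>\n";
     // Thumbnails are not persisted at all: nothing to sync or clear.
     if ($this->getOption('save_thumb') === 'no') {
         echo '<p>' . $this->t(_NP_THUMBNAIL_14) . "</p>\n";
         $oPluginAdmin->end();
         return;
     }
     $logs = array();
     if ($type === 'clear' && $this->getOption('save_thumb') === 'filesystem') {
         $logs = MediaUtils::purgeDir($DIR_MEDIA, self::$thumbdir . '/');
     }
     echo "<p>" . $this->t(_NP_THUMBNAIL_15, array(self::$thumbdir)) . "<br />\n";
     echo $this->t(_NP_THUMBNAIL_16, array(self::$max_sync)) . "<br />\n";
     echo $this->t(_NP_THUMBNAIL_17) . "</p>\n";
     if ($type === 'sync' && $this->getOption('save_thumb') === 'filesystem') {
         $maxwidth = $this->getOption('maxwidth');
         $maxheight = $this->getOption('maxheight');
         echo "<h3>" . $this->t(_NP_THUMBNAIL_22) . "</h3>\n";
         if (self::syncFilesystem($DIR_MEDIA, self::$thumbdir, $maxwidth, $maxheight)) {
             // TODO: placeholder text ("some error message") left by the
             // author; replace with a translated message once the failure
             // result of syncFilesystem() is defined.
             echo "<p>何かのエラーメッセージ</p>\n";
         }
     }
     // Partition image media into those that already have a thumbnail file
     // ($rejected) and those that still need one ($elected). Plain
     // assignment replaces the original `=& $medium`: binding array entries
     // by reference to the loop variable makes every entry alias that one
     // variable, so they all ended up holding the last medium. Only the
     // counts are used below, but the aliasing was a latent bug.
     $media = MediaUtils::getMediaList($DIR_MEDIA);
     $elected = array();
     $rejected = array();
     foreach ($media as $medium) {
         if (!array_key_exists($medium->mime, MediaUtils::$image_mime)) {
             continue;
         }
         if (file_exists($DIR_MEDIA . self::getThumbPath($medium))) {
             $rejected[] = $medium;
         } else {
             $elected[] = $medium;
         }
     }
     $total_media = count($media);
     $total_elected = count($elected);
     $total_rejected = count($rejected);
     $total_images = $total_rejected + $total_elected;
     /*
      * NOTICE: NP_Improvededia with eachblogdir option rewrite
      * global variables of "DIR_MEDIA" and "$CONF['MediaURL']"
      * in its initializing process.
      * (I realized it a bad behavior but there is no other way...)
      * Here are based on its rewriting system.
      *  (Apr. 06, 2011)
      */
     if ($manager->pluginInstalled('NP_ImprovedMedia')) {
         $NP_ImprovedMedia =& $manager->getPlugin('NP_ImprovedMedia');
         if ($NP_ImprovedMedia->getOption('IM_EACHBLOGDIR') == 'yes') {
             // Blog selector; submitting it re-renders the page for that blog.
             echo "<form method=\"post\" action=\"{$CONF['ActionURL']}?action=plugin&name=Thumbnail\" enctype=\"application/x-www-form-urlencoded\">\n";
             echo "<p>\n";
             echo "<label for=\"blogid\">" . $this->t(_NP_THUMBNAIL_18) . "</label>\n";
             // Fixed: the original had no space between id="blogid" and
             // onchange=..., which produced an invalid attribute.
             echo "<select name=\"blogid\" id=\"blogid\" onchange=\"return form.submit()\">\n";
             foreach (MediaUtils::$blogs as $blogid => $bshortname) {
                 if ($blogid == MediaUtils::$blogid) {
                     echo "<option value=\"{$blogid}\" selected=\"selected\">{$bshortname}</option>\n";
                 } else {
                     echo "<option value=\"{$blogid}\">{$bshortname}</option>\n";
                 }
             }
             echo "</select>\n";
             echo "<input type=\"hidden\" id=\"admin\" name=\"type\" value=\"admin\">\n";
             echo "</p>\n";
             echo "</form>\n";
         }
     }
     echo "<form method=\"post\" action=\"{$CONF['ActionURL']}?action=plugin&name=Thumbnail\" enctype=\"application/x-www-form-urlencoded\">\n";
     echo "<ul>\n";
     echo "<li>" . $this->t(_NP_THUMBNAIL_19, array($total_media)) . "</li>\n";
     echo "<li>" . $this->t(_NP_THUMBNAIL_20, array($total_images)) . "</li>\n";
     echo "<li>" . $this->t(_NP_THUMBNAIL_21, array($total_rejected)) . "</li>\n";
     echo "</ul>\n";
     echo "<p>\n";
     echo '<input type="hidden" name="blogid" value="' . MediaUtils::$blogid . '">' . "\n";
     echo "<input type=\"submit\" name=\"type\" value=\"sync\">\n";
     echo "<input type=\"submit\" name=\"type\" value=\"clear\">\n";
     echo "</p>\n";
     if ($logs) {
         echo "<h3>" . $this->t(_NP_THUMBNAIL_22) . "</h3>\n";
         echo "<ul>\n";
         foreach ($logs as $log) {
             echo "<li>{$log}</li>\n";
         }
         echo "</ul>\n";
     }
     echo "</form>\n";
     $oPluginAdmin->end();
     return;
 }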
コード例 #5
ファイル: index.php プロジェクト: NucleusCMS/NP_BadBehavior
.badbehavior .p {text-align: left;}
.badbehavior .e {background-color: #ccccff; font-weight: bold; color: #000000;}
.badbehavior .h {background-color: #9999cc; font-weight: bold; color: #000000;}
.badbehavior .v {background-color: #cccccc; color: #000000;}
.badbehavior .vr {background-color: #cccccc; text-align: right; color: #000000;}
.badbehavior hr {width: 600px; background-color: #cccccc; border: 0px; height: 1px; color: #000000;}
</style>';
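// if your 'plugin' directory is not in the default location,
// edit this variable to point to your site directory
// (where config.php is)
$strRel = '../../../';
$plugname = "NP_BadBehavior";
include $strRel . 'config.php';
include $DIR_LIBS . 'PLUGINADMIN.php';
// create the admin area page; $newhead holds the <style> block built above
$oPluginAdmin = new PluginAdmin('BadBehavior');
$oPluginAdmin->start($newhead);
// Access is gated on being a logged-in member who is allowed to log in —
// not on being a site admin.
if ($member->isLoggedIn() && $member->canLogin()) {
    $admin = 1;
} else {
    echo 'You are not logged in.';
    $oPluginAdmin->end();
    exit;
}
global $CONF, $manager;
// NOTE(review): the ticket (CSRF) check is commented out, so any
// state-changing action this page handles runs without one.
// $manager->checkTicket();
$action_url = $CONF['ActionURL'];
$thispage = $CONF['PluginURL'] . "badbehavior/index.php";
$adminpage = $CONF['AdminURL'];
$thisquerystring = serverVar('QUERY_STRING');
// QUERY_STRING is request-controlled; it was echoed raw into the href
// attribute below (a reflected-XSS sink), so the whole href is escaped.
$toplink = '<p class="center"><a href="' . htmlspecialchars($thispage . '?' . $thisquerystring, ENT_QUOTES) . '#sitop" alt="Return to Top of Page">-top-</a></p>' . "\n";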