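{ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } */
// Request gate: refuse the submission when checkFTAN() fails, before any
// posted value is read. NOTE(review): checkFTAN() is presumably the form-token
// (anti-CSRF) check and print_error() presumably ends the request; both are
// defined outside this excerpt, confirm.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $target_url);
}
// After check print the header
$admin->print_header();
// Include the WB functions file
if (!function_exists('create_access_file')) {
    require WB_PATH . '/framework/functions.php';
}
// Get values
// Text fields pass through StripCodeFromText(); numeric fields are forced to
// int with intval(), so they cannot carry anything but a number.
$page_title = $admin->StripCodeFromText($admin->get_post('page_title'));
$menu_title = $admin->StripCodeFromText($admin->get_post('menu_title'));
$page_code = intval($admin->get_post('page_code'));
$description = $admin->StripCodeFromText($admin->get_post('description'));
$keywords = $admin->StripCodeFromText($admin->get_post('keywords'));
$parent = intval($admin->get_post('parent')); // fix secunia 2010-91-3
$visibility = $admin->StripCodeFromText($admin->get_post('visibility'));
// Allow-list: only these exact strings are accepted, everything else becomes
// 'public'. The third argument makes the comparison strict, so a non-string
// value can never be treated as equal to one of the entries.
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'), true)) {
    $visibility = 'public';
} // fix secunia 2010-93-3
// Only letters, digits, '_' and '-' survive, which leaves no '.', '/' or '\'
// in the template name.
$template = preg_replace('/[^a-z0-9_-]/i', "", $admin->get_post('template')); // fix secunia 2010-93-3
// A value equal to DEFAULT_TEMPLATE is replaced by an empty string.
$template = $template == DEFAULT_TEMPLATE ? '' : $template;
// \W strips every character that is not a letter, digit or underscore.
$target = preg_replace("/\\W/", "", $admin->get_post('target'));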
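return $aStr; } }
// Module uninstall handler: validates the form token, takes the module name
// from $_POST['file'], refuses core modules and checks that the module folder
// exists. NOTE(review): print_error() presumably ends the request (defined
// outside this excerpt); the code below relies on that.
$admin = new admin('Addons', 'modules_uninstall', false);
$js_back = ADMIN_URL . '/modules/index.php';
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// After check print the header
$admin->print_header();
// Check if user selected module (a non-string value, e.g. an array, counts as "nothing selected")
if (!isset($_POST['file']) || !is_string($_POST['file']) || $_POST['file'] == "") {
    $admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'], $js_back);
} else {
    $sAddonsFile = $admin->StripCodeFromText($_POST['file']);
}
// Extra protection
if (trim($sAddonsFile) == '') {
    $admin->print_error($MESSAGE['GENERIC_ERROR_OPENING_FILE'], $js_back);
}
// The name is appended to WB_PATH . '/modules/' below, so accept a single
// directory name only: no path separator, no NUL byte, and not '.' or '..'.
// NOTE(review): StripCodeFromText() is defined outside this excerpt; do not
// rely on it to remove path characters.
if (strpbrk($sAddonsFile, '/\\') !== false
    || strpos($sAddonsFile, "\0") !== false
    || in_array($sAddonsFile, array('.', '..'), true)
) {
    $admin->print_error($MESSAGE['GENERIC_ERROR_OPENING_FILE'], $js_back);
}
// check whether the module is core
// Exact, case-insensitive comparison against the fixed list. The posted value
// is never used as a regular-expression pattern, so it cannot change how the
// check itself is evaluated, and a name that is merely a fragment of a core
// module name is not rejected by mistake.
$aPreventFromUninstall = array('captcha_control', 'jsadmin', 'output_filter', 'wysiwyg', 'menu_link');
$sCoreCandidate = strtolower(trim($sAddonsFile));
if (in_array($sCoreCandidate, $aPreventFromUninstall, true)) {
    // $sCoreCandidate is one of the literals above here, so it is safe to show.
    $temp = array('name' => $sCoreCandidate);
    $msg = replace_all($MESSAGE['MEDIA_CANNOT_DELETE_DIR'], $temp);
    $admin->print_error($msg);
}
// Check if the module exists
if (!is_dir(WB_PATH . '/modules/' . $sAddonsFile)) {
    $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED'], $js_back);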
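// include WB functions file
require_once WB_PATH . '/framework/functions.php';
// load WB language file
require_once WB_PATH . '/languages/' . LANGUAGE . '.php';
// create Admin object with admin header
$admin = new admin('Addons', '', true, false);
// NOTE(review): no checkFTAN() call is visible in this excerpt. Confirm the
// form token is verified before a module script is run from this request.
$aValideActions = array('uninstall', 'install', 'upgrade');
/**
 * Manually execute the specified module file (install.php, upgrade.php or uninstall.php)
 */
//$sModName = ($_POST['file']);
// Check if user selected module (a non-string value, e.g. an array, counts as "nothing selected")
if (!isset($_POST['file']) || !is_string($_POST['file']) || $_POST['file'] == "") {
    $admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'], $js_back);
} else {
    $sAddonName = $admin->StripCodeFromText($_POST['file']);
}
// The action is limited to the allow-list above; a missing or unknown value
// falls back to 'upgrade'. The comparison is strict so only these exact
// strings are accepted.
$sAction = $admin->StripCodeFromText(isset($_POST['action']) ? $_POST['action'] : '');
$sAction = in_array($sAction, $aValideActions, true) ? $sAction : 'upgrade';
// Extra protection
if (trim($sAddonName) == '') {
    $admin->print_error($MESSAGE['GENERIC_ERROR_OPENING_FILE'], $js_back);
}
// The name presumably selects a module folder and the script to run in it
// (see the doc comment above), so accept a single directory name only: no
// path separator, no NUL byte, and not '.' or '..'.
// NOTE(review): StripCodeFromText() is defined outside this excerpt; do not
// rely on it to remove path characters.
if (strpbrk($sAddonName, '/\\') !== false
    || strpos($sAddonName, "\0") !== false
    || in_array($sAddonName, array('.', '..'), true)
) {
    $admin->print_error($MESSAGE['GENERIC_ERROR_OPENING_FILE'], $js_back);
}
// check whether the module is core
// Exact, case-insensitive comparison of $sAddonName against the fixed list.
// The posted value is never used as a regular-expression pattern.
$aPreventFromUninstall = array('captcha_control', 'jsadmin', 'output_filter', 'wysiwyg', 'menu_link');
$sCoreCandidate = strtolower(trim($sAddonName));
if ($sAction == 'uninstall' && in_array($sCoreCandidate, $aPreventFromUninstall, true)) {
    // $sCoreCandidate is one of the literals above here, so it is safe to show.
    $temp = array('name' => $sCoreCandidate);
    $msg = replace_all($MESSAGE['MEDIA_CANNOT_DELETE_DIR'], $temp);
    $admin->print_error($msg);
}
// check if specified module folder exists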
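}
// Include WB admin wrapper script
// Droplet save handler: checks the id key and form token, reads the posted
// fields and updates the droplet row.
$admintool_link = ADMIN_URL . '/admintools/index.php';
$ToolUrl = ADMIN_URL . '/admintools/tool.php?tool=droplets';
$admin = new admin('admintools', 'admintools', false);
// intval() makes the id an integer; 0 is treated as "invalid" below.
$droplet_id = intval($admin->checkIDKEY('droplet_id', false, 'post'));
if (!$admin->checkFTAN() || !$droplet_id) {
    $admin->print_header();
    $admin->print_error($droplet_id . ' ) ' . $MESSAGE['GENERIC_SECURITY_ACCESS'], $ToolUrl);
}
$admin->print_header();
// Validate all fields
// NOTE(review): the UPDATE below uses variables that are only set in the else
// branch, so this relies on print_error() ending the request (defined outside
// this excerpt, confirm).
if ($admin->get_post('title') == '') {
    $admin->print_error($MESSAGE['GENERIC_FILL_IN_ALL'] . ' ( Droplet Name )', $ToolUrl);
} else {
    $title = $admin->StripCodeFromText($admin->get_post('title'));
    $active = (int) $admin->get_post('active');
    $admin_view = (int) $admin->get_post('admin_view');
    $admin_edit = (int) $admin->get_post('admin_edit');
    $show_wysiwyg = (int) $admin->get_post('show_wysiwyg');
    // NOTE(review): description and comments are stored as posted; they are
    // escaped for SQL below but must be HTML-encoded wherever they are shown.
    $description = $admin->get_post('description');
    $aForbiddenTags = array('<?php', '?>', '<?');
    // Strip the PHP open/close tags and repeat until nothing changes: a single
    // str_replace() pass can leave a tag behind when the removed pieces sat
    // inside another tag. Each changing pass shortens the string, so the loop ends.
    // NOTE(review): if the stored code is later executed as PHP, removing tags
    // is not a sandbox; this action has to stay limited to trusted
    // administrators (how droplets are run is not visible here).
    $content = $_POST['savecontent'];
    do {
        $sBeforePass = $content;
        $content = str_replace($aForbiddenTags, '', $content);
    } while ($content !== $sBeforePass);
    $comments = trim($admin->get_post('comments'));
    $modified_when = time();
    $modified_by = (int) $admin->get_user_id();
}
// Update row
// Every string value goes through escapeString() and every number is cast to
// int before it is concatenated into the statement.
$sql = 'UPDATE `' . TABLE_PREFIX . 'mod_droplets` SET '
    . '`name` = \'' . $database->escapeString($title) . '\', '
    . '`active` = ' . (int) $active . ', '
    . '`admin_view` = ' . (int) $admin_view . ', '
    . '`admin_edit` = ' . (int) $admin_edit . ', '
    . '`show_wysiwyg` = ' . (int) $show_wysiwyg . ', '
    . '`description` = \'' . $database->escapeString($description) . '\', '
    . '`code` = \'' . $database->escapeString($content) . '\', '
    . '`comments` = \'' . $database->escapeString($comments) . '\', '
    . '`modified_when` = ' . (int) $modified_when . ', '
    . '`modified_by` = ' . (int) $modified_by . ' '
    . 'WHERE `id` = ' . (int) $droplet_id;
$database->query($sql);
// Check if there is a db error, otherwise say successful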
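// User edit handler: reads the posted account fields and validates them.
$admin->print_header();
$aInputs = array();
$aInputs = array_merge($_POST);
// Check if user id is a valid number and doesnt equal 1
// The id used from here on is the intval() result, and is_numeric() also
// accepts numeric strings that are not plain integers, so the guard tests the
// converted value as well as the raw one.
// NOTE(review): print_header() runs before this header() call; if it has
// already produced output the redirect will not be sent, only exit(0) applies.
if (!isset($aInputs['user_id']) or !is_numeric($aInputs['user_id'])
    or $aInputs['user_id'] == 1 or intval($aInputs['user_id']) === 1
) {
    header("Location: index.php");
    exit(0);
} else {
    $user_id = intval($aInputs['user_id']);
}
// Gather details entered
// 'groups' must be an array; anything else is treated as "no group selected".
// NOTE(review): the individual group ids are not validated here; confirm they
// are cast to integers before they reach a query.
$groups_id = (isset($aInputs['groups']) && is_array($aInputs['groups'])) ? implode(",", $aInputs['groups']) : '';
// A missing 'active' field (or an array without element 0) counts as 0.
$mActive = isset($aInputs['active']) ? $aInputs['active'] : 0;
if (is_array($mActive)) {
    $mActive = isset($mActive[0]) ? $mActive[0] : 0;
}
$active = intval($mActive);
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = $admin->StripCodeFromText($admin->get_post('display_name'));
// NOTE(review): email and home_folder are taken as posted; no validation of
// either is visible in this excerpt.
$email = $admin->get_post('email');
$home_folder = $admin->get_post('home_folder');
// Check values
if ($groups_id == "") {
    $admin->print_error($MESSAGE['USERS_NO_GROUP'], $js_back);
}
if ($password != "") {
    // NOTE(review): a minimum length of 2 is far below any usable password policy.
    if (strlen($password) < 2) {
        $admin->print_error($MESSAGE['USERS_PASSWORD_TOO_SHORT'], $js_back);
    }
    // Strict comparison: with != two different numeric-looking strings can
    // compare as equal, which would let a mistyped confirmation through.
    if ($password !== $password2) {
        $admin->print_error($MESSAGE['USERS_PASSWORD_MISMATCH'], $js_back);
    }
}
// NOTE(review): unsalted MD5 is not a password hash. Moving to password_hash()
// and password_verify() has to be done together with the login code, which is
// outside this excerpt, so the call is left unchanged here.
$md5_password = md5($password);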