function __destruct() { cLogsDb::$count_glob--; parent::__destruct(); if (cLogsDb::$count_glob == 0 && DB_DEBUG) { //cLogs::$aLogsAll[] = array("DB_QUERIES",cLogsDb::$aDbFileLogs); cLogsDb::writeLogsToFile(); } }
<?php if (!isset($_index_rights)) { header("Location: " . getUrl() . "admin"); } $Logs = new cLogs("addcapability.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); global $DB; if (isset($_POST['add_capab'])) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); $namePat = '/^[a-zA-Z0-9_-]{1,50}$/'; if ($Check->check('name', 'preg_match("' . $namePat . '",$test)', 'The NAME must be without whitespaces and diacritical marks and max. 50 symbols!')) { $Check->check('name', '$test==false', 'This capability already exists!', admin_capabExists($_POST['name'])); } $Check->check('description', 'strlen($test) > 0 && strlen($test) < 266', 'The description of capability is required with max length 255 symbols!'); $Logs->addLog($Check->isValid(), 'add new one valid'); if (!$Check->isValid()) { foreach ($Check->getErrors() as $k => $error) { $aErrors[] = admin_getErrorToPrint($k, $error); } } else { try { $aVals = array(); $aVals[] = array('name', $_POST['name']); $aVals[] = array('description', $_POST['description']); /// insert values ///
private function insert($aUser) { $time = getDateToDb(time() + AUTH_TIMEOUT); $sess = session_id(); $res = cDb::insert('core_authentications', array(array('timeinit', $time), array('user', $aUser['id'], false), array('session', $sess), array('ip', $_SERVER['REMOTE_ADDR']))); if (!$res) { cLogs::addLog("#### AuthInsert: false"); $this->aErrors[] = getString("Some error during login process!", 'core'); $this->aErrors[] = getString("Contact your admin to solve this problem!", 'core'); $this->clearSessions(); $this->clearCookies(); return false; } $this->setSessions($aUser); $this->setCookies($aUser); return true; }
<?php if (!session_id()) { @session_start(); } require_once "../core/core_defines.inc.php"; require_once ROOT_PATH . "core/global_fce.php"; requireFile("admin/admin_fce.php"); $DB = new cDb(); $DB->connect(); $CFG = new cCfg(); $Logs = new cLogs("index.php"); $Logs->on(); $Logs->addLog($_POST, "POST"); $_aErrors = array(); $_aAlerts = array(); $Authent = new cAuthentication(); $bAut = $Authent->authenticate(); if (!$bAut && ADMIN_PAGE_ACCESS_AUTHORIZIED || $bAut && !$CFG->hasCapability('superadmin')) { header("Location: " . HTTP_PATH); } $_index_rights = true; foreach ($_GET as $k => $v) { $_GET[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } /// update capabilities /// if (isset($_POST['update_capab'])) { _updateCapabilities(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php if (!isset($_index_rights)) { header("Location: " . getUrl() . "admin"); } $Logs = new cLogs("adduser.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); global $DB; if (isset($_POST['add_user'])) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); $Check->check('name', 'strlen($test)>0 && strlen($test)<101', 'The name is required with max 100 symbols including whitespaces!'); $Check->check('surname', 'strlen($test)>0 && strlen($test)<101', 'The surname is required with max 100 symbols including whitespaces!'); $Check->check('role', 'is_numeric($test)', 'The role is required!'); /// max. 50 symbols /// $loginPat = '/^[a-zA-Z0-9_-]{1,50}$/'; if ($Check->check('login', 'preg_match("' . $loginPat . '",$test)', 'The login must be without whitespaces and diacritical marks and max. 50 symbols!')) { /// check if login already exists /// $Check->check('login', '$test==false', 'This login already exists!', admin_userLoginExists($_POST['login'])); } $passwPat = '/^[a-zA-Z0-9_-]{1,50}$/'; if ($Check->check('password', 'strlen($test)>5 && strlen($test)<51', 'The password must have at least 6 symbols and max. 50, without diacritical marks and whitespaces!', $_POST['passw'])) { $Check->check('password', '$test==true', 'Verification of password is not correct!', $_POST['passw'] == $_POST['passw_ver']); } $Logs->addLog($Check->isValid(), 'add new one valid'); if (!$Check->isValid()) { foreach ($Check->getErrors() as $k => $error) {
$bPageLng = $DB->insert('core_lngpages', array(array('title', $_POST['title']), array('page', $pageid, false), array('menutitle', $_POST['menu_title']), array('url', admin_createPageUrl($_POST['title'])))); } } if ($bPage && $bPageLng) { /// create php file with action /// $hPage = fopen(ROOT_PATH . "pages/actions/" . $_POST['page'] . ".php", "w+"); $toFile = "<?php\nclass " . $_POST['page'] . " extends cPageAction {\n\t\n\tpublic function __construct() {\n\t\tparent::__construct(get_class());\n\t\tself::action();\t\n\t}\n\t\n\tprivate function action() {\n\t\t/// your code goes here \n\t}\n}\n?>"; fwrite($hPage, $toFile); fclose($hPage); return true; } return false; } ########################################################################################## ###################################### code ############################################## $Logs = new cLogs("add.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); if (isset($_POST['add_template'])) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); $namePat = '/^([a-z]+[a-z0-9_-]+){1,50}$/'; /// existing templates wasn't selected /// if ($Check->check('newtemp', 'preg_match("' . $namePat . '",$test)', 'The name of TEMPLATE must be in lowercase letters without whitespaces and diacritical marks and max. 50 symbols! (e.g.: newhomepage or new_home-page1')) { $Check->check('newtemp', '$test==false', 'The name of TEMPLATE already exists!', admin_tempExists($_POST['newtemp'])); } $Logs->addLog($Check->isValid(), 'valid'); //$Logs->addLog($Check->getErrors(),'errors');
<?php if (!isset($_index_rights)) { header("Location: " . getUrl() . "admin"); } $Logs = new cLogs("addrole.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); global $DB; if (isset($_POST['add_role'])) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); /// max. 100 symbols /// if ($Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name of role must be max. 100 symbols!')) { /// check if name already exists /// $Check->check('name', '$test==false', 'The name of role already exists!', admin_roleExists($_POST['name'])); } $Check->check('description', '$test != "" && strlen($test) <= 255', 'Description of role is required; with a maximum length 255!'); $Check->check('parentid', 'is_numeric($test) || $test=="null"', 'The parent role is in wrong type'); $Check->check('sort', 'is_numeric($test) || strlen($test)==0', 'The parent role is in wrong type'); $Logs->addLog($Check->isValid(), 'add new one valid'); if (!$Check->isValid()) { foreach ($Check->getErrors() as $k => $error) { $aErrors[] = admin_getErrorToPrint($k, $error); } } else { try { $aVals = array();
} $lngExists = $DB->select('core_lngpages', 'id', array(array('lng', '=', null), 'AND', array('page', '=', $pageid))); if (count($lngExists)) { $bPageLng[] = $DB->update('core_lngpages', array(array('title', $_POST['title']), array('menutitle', $_POST['menu_title']), array('url', admin_createPageUrl($_POST['title'])), array('timemodified', getDateToDb())), array(array('lng', '=', null), 'AND', array('page', '=', $pageid))); } else { $bPageLng[] = $DB->insert('core_lngpages', array(array('title', $_POST['title']), array('page', $pageid, false), array('menutitle', $_POST['menu_title']), array('url', admin_createPageUrl($_POST['title'])))); } } else { $DB->delete('core_lngpages', array(array('lng', '=', null), 'AND', array('page', '=', $pageid))); } } return $bPage && count($bPageLng); } ########################################################################################## ###################################### code ############################################## $Logs = new cLogs("editpage.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); /// POST data to insert new page are sent /// if (isset($_POST['submit']) && (isset($_POST['pageid']) && is_numeric($_POST['pageid']))) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); /// existing templates wasn't selected /// $Check->check('temp', '$test !== "null"', 'TEMPLATE is required!'); $bTitle = false; foreach ($_POST as $k => $v) { if (substr($k, 0, 3) == 'lng') { $Check->check('title' . substr($k, 3), 'strlen($test)>0', 'Title of PAGE' . strtoupper(substr($k, 3)) . ' is required!');
<?php if (!isset($_index_rights) || !isset($_GET['id'])) { header("Location: " . getUrl() . "admin"); } $Logs = new cLogs("editroles.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); global $DB; if (isset($_POST['update_role'])) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); $Check->check('General', 'is_numeric($test) && ' . ($_POST['roleid'] == $_GET['id']), 'There is no correct role!', $_POST['roleid']); if ($Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name of role must be max. 100 symbols!')) { /// check if name already exists /// if ($exists = admin_roleExists($_POST['name'])) { $Logs->addLog($exists, 'role EXISTS'); $exists = !($exists['id'] == $_POST['roleid']); } $Logs->addLog($exists, 'role EXISTS'); $Check->check('name', '$test==false', 'The name of role already exists!', $exists); } $Check->check('description', '$test != "" && strlen($test) <= 255', 'Description of role is required; with a maximum length 255!'); $Check->check('parentid', 'is_numeric($test) || $test=="null"', 'The parent role is in wrong type'); $Check->check('sort', 'is_numeric($test) || strlen($test)==0', 'The parent role is in wrong type'); $Logs->addLog($Check->isValid(), 'form valid'); if (!$Check->isValid()) { foreach ($Check->getErrors() as $k => $error) {
<?php if (!session_id()) { @session_start(); } require_once "core/core_defines.inc.php"; require_once "core/global_fce.php"; require_once "custom_defines.inc.php"; $Logs = new cLogs("index.php"); $Logs->on(); $Logs->addLog($_POST, "POST"); $DB = new cDb(); $connection = $DB->connect(); if ($connection) { $CFG = new cCfg(); if (!isset($_GET['_pageAction_'])) { if (is_string($CFG->getDefaultPage('path'))) { header("Location: " . $CFG->getDefaultPage('path')); } else { if (!ADMIN_PAGE_ACCESS_AUTHORIZIED) { header("Location: " . HTTP_PATH . "admin"); } } } $action = get_magic_quotes_gpc() ? $_GET['_pageAction_'] : addslashes($_GET['_pageAction_']); //$Logs->addLog($action,"_pageAction_"); $CORE = new cBuildIndex($action); if (MK_DEBUG) { $CORE->addCssToHead("core/logs.css"); } $Authent = new cAuthentication();
<?php if (!isset($_index_rights) || !isset($_GET['id'])) { header("Location: " . getUrl() . "admin"); } ########################################################################################## ###################################### code ############################################## $Logs = new cLogs("edittemplate.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); global $DB; if (isset($_POST['submit']) && (isset($_POST['tempid']) && is_numeric($_POST['tempid']))) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); $Check->check('js', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in JS field!'); $Check->check('css', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in CSS field!'); $Logs->addLog($Check->isValid(), 'valid'); //$Logs->addLog($Check->getErrors(),'errors'); if (!$Check->isValid()) { foreach ($Check->getErrors() as $k => $error) { $aErrors[] = admin_getErrorToPrint($k, $error); } } else { if ($_POST['parent_temp'] != 'null') { $aVals[] = array('parentid', intval($_POST['parent_temp']), false); } else { $aVals[] = array('parentid', 'NULL', false); }
<?php if (!isset($_index_rights) || !isset($_GET['id'])) { header("Location: " . getUrl() . "admin"); } $Logs = new cLogs("editroles.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); global $DB; if (isset($_POST['update_user'])) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $aVals = array(); $Check = new cCheckForm(); $Check->check('General', 'is_numeric($test) && ' . ($_POST['userid'] == $_GET['id']), 'There is no correct user!', $_POST['userid']); $Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name must be max. 100 symbols!'); $Check->check('surname', 'strlen($test) > 0 && strlen($test) < 101', 'The surname must be max. 100 symbols!'); $Check->check('role', 'is_numeric($test)', 'The role is in wrong format!'); /// change login /// if (strlen($_POST['login'])) { /// max. 50 symbols /// $loginPat = '/^[a-zA-Z0-9_-]{1,50}$/'; if ($Check->check('login', 'preg_match("' . $loginPat . '",$test)', 'The login must be without whitespaces and diacritical marks and max. 50 symbols!')) { /// check if login already exists /// if ($exists = admin_roleExists($_POST['login'])) { $Logs->addLog($exists, 'user login EXISTS'); $exists = !($exists['id'] == $_POST['userid']); } $Logs->addLog($exists, 'user login EXISTS');