/**
 * Appends the "Plugin Articles" entry to a list of admin button definitions.
 *
 * If the request carries a `pluginNews` parameter, the generation job runs first:
 * XSRFdefender('pluginNews') is called before processPlugins(). The same action
 * name is published in the button's 'XSRFTag' entry.
 *
 * NOTE(review): no rights check happens inside this function before processPlugins();
 * 'rights' => ADMIN_RIGHTS only describes the button. Confirm the code that invokes
 * this callback has already authenticated the user.
 *
 * @param array $buttons button definitions collected so far
 * @return array the same list with this button appended
 */
function pluginNews_button($buttons) {
    $requested = isset($_REQUEST['pluginNews']);
    if ($requested) {
        // the token check has to stay ahead of the state-changing call
        XSRFdefender('pluginNews');
        processPlugins();
    }

    $entry = array(
        'enable' => true,
        'button_text' => gettext('Plugin Articles'),
        'formname' => 'pluginNews_button',
        'action' => '?pluginNews=gen',
        'icon' => 'images/add.png',
        'title' => gettext('Generate plugin articles'),
        'alt' => '',
        'hidden' => '<input type="hidden" name="pluginNews" value="gen" />',
        'rights' => ADMIN_RIGHTS,
        'XSRFTag' => 'pluginNews'
    );
    $buttons[] = $entry;

    return $buttons;
}
/**
 * Appends the "Troubleshooting Articles" entry to a list of admin button definitions.
 *
 * A request that carries a `Troubleshooting` parameter triggers article generation
 * before the button is added; XSRFdefender('Troubleshooting') is called ahead of
 * processTroubleshooting(), and the button advertises the same name in 'XSRFTag'.
 *
 * NOTE(review): the function itself performs no rights check before running the job;
 * verify that its caller only runs for an authenticated administrator.
 *
 * @param array $buttons button definitions collected so far
 * @return array the same list with this button appended
 */
function Troubleshooting_button($buttons) {
    if (isset($_REQUEST['Troubleshooting'])) {
        // token check first, then the work
        XSRFdefender('Troubleshooting');
        processTroubleshooting();
    }

    $label = gettext('Troubleshooting Articles');
    $tooltip = gettext('Generate Troubleshooting articles');
    $buttons[] = array(
        'enable' => true,
        'button_text' => $label,
        'formname' => 'Troubleshooting_button',
        'action' => '?Troubleshooting=gen',
        'icon' => 'images/add.png',
        'title' => $tooltip,
        'alt' => '',
        'hidden' => '<input type="hidden" name="Troubleshooting" value="gen" />',
        'rights' => ADMIN_RIGHTS,
        'XSRFTag' => 'Troubleshooting'
    );

    return $buttons;
}
/**
 * Appends the "Filter Doc Gen" entry to a list of admin button definitions.
 *
 * When `filterDoc` is present in the request the filter document is generated first.
 * XSRFdefender('filterDoc') is called before processFilters(); the button's 'XSRFTag'
 * entry carries the matching action name.
 *
 * NOTE(review): there is no rights check in this function ahead of processFilters();
 * confirm that the caller enforces admin rights.
 *
 * @param array $buttons button definitions collected so far
 * @return array the same list with this button appended
 */
function filterDoc_button($buttons) {
    $generate = isset($_REQUEST['filterDoc']);
    if ($generate) {
        // never reorder: the token check guards the generation step
        XSRFdefender('filterDoc');
        processFilters();
    }

    $definition = array();
    $definition['enable'] = true;
    $definition['button_text'] = gettext('Filter Doc Gen');
    $definition['formname'] = 'filterDoc_button';
    $definition['action'] = '?filterDoc=gen';
    $definition['icon'] = 'images/add.png';
    $definition['title'] = gettext('Generate filter document');
    $definition['alt'] = '';
    $definition['hidden'] = '<input type="hidden" name="filterDoc" value="gen" />';
    $definition['rights'] = ADMIN_RIGHTS;
    $definition['XSRFTag'] = 'filterDoc';

    $buttons[] = $definition;
    return $buttons;
}
// Category admin actions, all selected by GET parameters. Every branch that changes data calls
// XSRFdefender() with its own action name ('update', 'save_categories', 'update_categories')
// before doing the work; the ?id= branch only loads a category and has no token check.
// XSRFdefender() is presumably the anti-CSRF token check; its implementation is not shown here.
if (isset($_GET['publish'])) {
    XSRFdefender('update');
    // NOTE(review): $_GET['titlelink'] is read without an isset() check in this branch.
    $obj = new ZenpageCategory(sanitize($_GET['titlelink']));
    $obj->setShow(sanitize_numeric($_GET['publish']));
    $obj->save();
}
if (isset($_GET['save'])) {
    XSRFdefender('save_categories');
    addCategory($reports);
}
if (isset($_GET['id'])) {
    // read-only lookup: the id is reduced with sanitize_numeric() before use
    $x = $_zp_zenpage->getCategory(sanitize_numeric($_GET['id']));
    $result = new ZenpageCategory($x['titlelink']);
} else {
    if (isset($_GET['update'])) {
        XSRFdefender('update_categories');
        $result = updateCategory($reports);
    } else {
        $result = new ZenpageCategory('');
    }
}
printAdminHeader('news', 'categories');
zp_apply_filter('texteditor_config', '', 'zenpage');
printSortableHead();
zenpageJSCSS();
// NOTE(review): the translated string below is echoed straight into a double-quoted JavaScript
// string. A translation that contains a double quote or a line break would break the script;
// encoding the value for the JavaScript context would make the output safe regardless of the text.
?>
<script type="text/javascript">
    //<!-- <![CDATA[
    var deleteCategory = "<?php echo gettext("Are you sure you want to delete this category? THIS CANNOT BE UNDONE!"); ?>
// Plugin registration half of the file (the opening `if` is above this excerpt), followed by
// the importer page itself in the else-branch.
    $plugin_author = "Malte Müller (acrylian)";
    zp_register_filter('admin_utilities_buttons', 'wordpress_import_button');

    // Filter callback: appends the "Wordpress Importer" button. No 'XSRFTag' entry is set for
    // this button; the token check for the importer is made in the else-branch below.
    function wordpress_import_button($buttons) {
        $buttons[] = array(
            'category' => gettext('Admin'),
            'enable' => true,
            'button_text' => gettext('Wordpress Importer'),
            'formname' => 'wordpress_import.php',
            'action' => FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/wordpress_import.php',
            'icon' => WEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/wordpress_import/wpmini-blue.png',
            'title' => gettext('An importer for Wordpress posts and pages to Zenpage.'),
            'alt' => '',
            'hidden' => '',
            'rights' => ADMIN_RIGHTS);
        return $buttons;
    }
} else {
    define('OFFSET_PATH', 3);
    require_once dirname(dirname(__FILE__)) . '/admin-globals.php';
    if (extensionEnabled('zenpage')) {
        require_once dirname(dirname(__FILE__)) . '/' . PLUGIN_FOLDER . '/zenpage/admin-functions.php';
    }
    // NOTE(review): the rights argument is NULL although the button above advertises ADMIN_RIGHTS;
    // what NULL requires is not visible here - confirm the page is limited to administrators.
    admin_securityChecks(NULL, currentRelativeURL());
    // The token is only checked once database credentials are submitted, i.e. when an import is
    // actually requested; a plain page view passes without a token.
    if (isset($_REQUEST['dbname']) || isset($_REQUEST['dbuser']) || isset($_REQUEST['dbpass']) || isset($_REQUEST['dbhost'])) {
        XSRFdefender('wordpress');
    }

    // some extra functions

    // Runs $sql on the given mysqli connection and returns every row as an associative array.
    // $sql is executed exactly as passed in, so any escaping is the caller's job.
    function wp_query_full_array($sql, $wpconnection) {
        // NOTE(review): on failure die() prints mysqli_error() into the response, exposing
        // database error detail to whoever is viewing the page; logging it and showing a generic
        // message would avoid that. Because of the die(), the `return false` branch below is not
        // reached when the query fails.
        $result = mysqli_query($wpconnection, $sql) or die(gettext("Query failed : ") . mysqli_error($wpconnection));
        if ($result) {
            $allrows = array();
            while ($row = mysqli_fetch_assoc($result)) {
                $allrows[] = $row;
            }
            return $allrows;
        } else {
            return false;
        }
    }
// Tail of the single-item delete branch (its condition and token check are above this excerpt),
// then the menu-set delete and publish handlers.
        query($sql);
        // NOTE(review): $menuset and $result['sort_order'] are concatenated into the statement
        // inside double quotes with no db_quote(); where they come from is not visible here.
        // Confirm both are escaped upstream, or quote them the way the deletemenuset branch does.
        $sql = 'DELETE FROM ' . prefix('menu') . ' WHERE `menuset`="' . $menuset . '" AND `sort_order` LIKE "' . $result['sort_order'] . '/%"';
        query($sql);
        $reports[] = "<p class='messagebox fade-message'>" . gettext('Menu item deleted') . "</p>";
    }
}
if (isset($_GET['deletemenuset'])) {
    XSRFdefender('delete_menu');
    // the request value goes through sanitize() and db_quote() before reaching the SQL ...
    $sql = 'DELETE FROM ' . prefix('menu') . ' WHERE `menuset`=' . db_quote(sanitize($_GET['deletemenuset']));
    query($sql);
    $_menu_manager_items = array();
    // ... and through html_encode() before it is put into the HTML message
    $delmsg = "<p class='messagebox fade-message'>" . sprintf(gettext("Menu set '%s' deleted"), html_encode($_GET['deletemenuset'])) . "</p>";
}
// publish or un-publish page by click
if (isset($_GET['publish'])) {
    XSRFdefender('update_menu');
    // NOTE(review): $_GET['id'] and $_GET['show'] are passed on raw; verify that publishItem()
    // validates them before they are used in a query.
    publishItem($_GET['id'], $_GET['show'], $menuset);
}
printAdminHeader('menu');
printSortableHead();
?>
</head>
<body>
    <?php printLogoAndLinks(); ?>
    <div id="main">
        <?php printTabs(); ?>
        <div id="content">
// Tail of the publish_albums branch; its condition and token check (if any) are above this
// excerpt. The WHERE clause is assembled by string concatenation from the POST keys.
    $sql = '';
    unset($_POST['publish_albums']);
    foreach ($_POST as $key => $albumid) {
        // the id is carried in the field name ('sched_<id>'); it is reduced with
        // sanitize_numeric() and only used when is_numeric() accepts it
        $key = sanitize_numeric(str_replace('sched_', '', $key));
        if (is_numeric($key)) {
            $sql .= '`id`="' . sanitize_numeric($key) . '" OR ';
        }
    }
    if (!empty($sql)) {
        $sql = substr($sql, 0, -4); // drop the trailing ' OR '
        $sql = 'UPDATE ' . prefix('albums') . ' SET `show`="1" WHERE ' . $sql;
        query($sql);
    }
} else {
    if (isset($_POST['publish_images'])) {
        XSRFdefender('schedule_content');
        unset($_POST['publish_images']);
        $sql = '';
        // every remaining POST value is expected to look like '<verb>_<image id>'
        foreach ($_POST as $action) {
            $i = strrpos($action, '_');
            $imageid = sanitize_numeric(substr($action, $i + 1));
            switch (substr($action, 0, $i)) {
                case 'pub':
                    if (is_numeric($imageid)) {
                        $sql .= '`id`="' . $imageid . '" OR ';
                    }
                    break;
                case 'del':
                    // NOTE(review): unlike the 'pub' case, $imageid is concatenated unquoted and
                    // without an is_numeric() guard, so safety rests entirely on what
                    // sanitize_numeric() returns for non-numeric input - confirm. $rowi and $rowa
                    // are also used without checking that the lookups returned a row.
                    $rowi = query_single_row('SELECT * FROM ' . prefix('images') . ' WHERE `id`=' . $imageid);
                    $rowa = query_single_row('SELECT * FROM ' . prefix('albums') . ' WHERE `id`=' . $rowi['albumid']);
                    $album = new Album($gallery, $rowa['folder']);
// we don't want plugins loaded but we are not setup
require_once dirname(__FILE__) . '/admin-globals.php';
// need the class plugins to handle video, etc.
// Each path comes from getEnabledPlugins(); how those paths are produced is not visible here.
foreach (getEnabledPlugins() as $extension => $plugin) {
    if ($plugin['priority'] & CLASS_PLUGIN) {
        require_once $plugin['path'];
    }
}
require_once dirname(__FILE__) . '/template-functions.php';
// ALBUM_RIGHTS is demanded only when the request names an album; otherwise NULL is passed
// (what NULL requires is not visible here).
if (isset($_REQUEST['album'])) {
    $localrights = ALBUM_RIGHTS;
} else {
    $localrights = NULL;
}
// Rights check first, then the token check. Both run unconditionally on every request to this
// script, before any of the GET parameters below are acted on.
admin_securityChecks($localrights, $return = currentRelativeURL());
XSRFdefender('refresh');
$imageid = '';
if (isset($_GET['refresh'])) {
    if (isset($_GET['id'])) {
        $imageid = sanitize_numeric($_GET['id']);
    }
    $imageid = $_zp_gallery->garbageCollect(true, true, $imageid);
}
// the prune flag only selects which set of messages is shown
if (isset($_GET['prune'])) {
    $type = 'prune&';
    $title = gettext('Refresh Database');
    $finished = gettext('Finished refreshing the database');
    $incomplete = gettext('Database refresh is incomplete');
    $allset = gettext("We are all set to refresh the database");
    $continue = gettext('Continue refreshing the database.');
} else {
* purge options tab
 *
 * @author Stephen Billard (sbillard)
 *
 * Copyright 2014 by Stephen L Billard for use in {@link https://github.com/ZenPhoto20/ZenPhoto20 ZenPhoto20}
 *
 * @package plugins
 * @subpackage admin
 */
// force UTF-8 Ø
define('OFFSET_PATH', 1);
require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php';
// the page requires OPTIONS_RIGHTS; the destructive branch below additionally calls XSRFdefender()
admin_securityChecks(OPTIONS_RIGHTS, $return = currentRelativeURL());
$xlate = array('plugins' => gettext('User plugins'), 'zp-core/zp-extensions' => gettext('Extensions'), 'themes' => gettext('Themes'));
if (isset($_POST['purge'])) {
    XSRFdefender('purgeOptions');
    if (isset($_POST['del'])) {
        // NOTE(review): $_POST['del'] is iterated as an array without an is_array() check.
        foreach ($_POST['del'] as $owner) {
            // $owner is request data. It is reduced with basename() and passed through db_quote()
            // before it enters the LIKE pattern.
            // NOTE(review): unless db_quote() escapes them, `%` and `_` inside the value stay LIKE
            // wildcards and would widen the DELETE. Checking $owner against the list of owners
            // that was offered on the form would bound what can be purged.
            $sql = 'DELETE FROM ' . prefix('options') . ' WHERE `creator` LIKE ' . db_quote('%' . basename($owner));
            $result = query($sql);
            if (preg_match('~^' . THEMEFOLDER . '/~', $owner)) {
                if ($owner == THEMEFOLDER . '/') {
                    // built from a constant only, no request data
                    $where = ' WHERE `creator` = "' . THEMEFOLDER . '/"';
                } else {
                    $where = ' WHERE `creator` LIKE ' . db_quote('%' . basename($owner) . '/themeoptions.php');
                }
                $sql = 'DELETE FROM ' . prefix('options') . $where;
                $result = query($sql);
            } else {
                purgeOption('zp_plugin_' . stripSuffix(basename($owner)));
            }
// End of the preceding case of the action switch (its start is above this excerpt).
} else {
    $notify = '&migration_error';
}
// NOTE(review): $subpage is placed into a Location header; where it is set is not visible
// here - confirm it is numeric or otherwise sanitized.
header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . "/admin-users.php?page=users&subpage=" . $subpage . $notify);
exitZP();
break;
case 'deleteadmin':
    // Account deletion is driven by a GET parameter, so the token check is what stops a forged
    // link from removing a user.
    // NOTE(review): no rights check appears between the token check and remove() in this
    // excerpt; confirm one has run before the switch.
    XSRFdefender('deleteadmin');
    $adminobj = Zenphoto_Authority::newAdministrator(sanitize($_GET['adminuser']), 1);
    zp_apply_filter('save_user', '', $adminobj, 'delete');
    $adminobj->remove();
    header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . "/admin-users.php?page=users&deleted&subpage=" . $subpage);
    exitZP();
    break;
case 'saveoptions':
    // the token action name here is 'saveadmin', not the case label
    XSRFdefender('saveadmin');
    $notify = $returntab = $msg = '';
    if (isset($_POST['saveadminoptions'])) {
        if (isset($_POST['checkForPostTruncation'])) {
            // ADMIN_RIGHTS is re-checked when the post touches more than the current user's own
            // record: alter_enabled is set, more than one admin row is posted, row 0 names a
            // different user, or a new user is being created - unless the current admin object
            // has `reset` set.
            if (isset($_POST['alter_enabled']) || sanitize_numeric($_POST['totaladmins']) > 1 || trim(sanitize($_POST['adminuser0'])) != $_zp_current_admin_obj->getUser() || isset($_POST['0-newuser'])) {
                if (!$_zp_current_admin_obj->reset) {
                    admin_securityChecks(ADMIN_RIGHTS, currentRelativeURL());
                }
            }
            $alter = isset($_POST['alter_enabled']);
            $nouser = true;
            $returntab = $newuser = false;
            // the loop bound is client supplied ($_POST['totaladmins'])
            for ($i = 0; $i < sanitize_numeric($_POST['totaladmins']); $i++) {
                $updated = false;
                $error = false;
                $userobj = NULL;
<?php
/**
 *
 * Zenphoto site cloner
 *
 * @package admin
 */
define('OFFSET_PATH', 4);
require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php';
require_once SERVERPATH . '/' . ZENFOLDER . '/reconfigure.php';

// Rights check, then token check; both run unconditionally before the request is read.
// NOTE(review): the rights argument is NULL and what NULL requires is not visible here. This
// script populates a filesystem location named by the request, so confirm that admin-level
// rights are enforced.
admin_securityChecks(NULL, currentRelativeURL());
XSRFdefender('cloneZenphoto');

$msg = array();
// The clone destination comes from the query string. The only constraint on it visible in this
// excerpt is the comparison with the master install path below.
$folder = sanitize($_GET['clonePath']);
$path = str_replace(WEBPATH, '/', SERVERPATH);
$newinstall = trim(str_replace($path, '', $folder), '/') . '/';
// NOTE(review): trim() strips a leading '/' from $folder but not from SERVERPATH. If SERVERPATH
// is an absolute path that starts with '/', this comparison can never be true - confirm.
if (trim($folder, '/') == SERVERPATH) {
    $msg[] = gettext('You attempted to clone to the master install.');
    $success = false;
} else {
    $success = true;
    // items of the master install to reproduce at the destination, keyed by relative path
    $targets = array(ZENFOLDER => 'dir', USER_PLUGIN_FOLDER => 'dir', 'index.php' => 'file');
    $zplist = $_zp_gallery->getThemes();
    foreach ($zplist as $theme => $data) {
        $targets[THEMEFOLDER . '/' . $theme] = 'dir';
    }
    foreach (array(internalToFilesystem('charset_tést'), internalToFilesystem('charset.tést')) as $charset) {
        if (file_exists(SERVERPATH . '/' . DATA_FOLDER . '/' . $charset)) {
            $targets[DATA_FOLDER . '/' . $charset] = 'file';
        }
/** clear the RSScache ***********************************************************/
/******************************************************************************/
// Both cases below call XSRFdefender() before doing anything, each with an action name that
// differs from the case label ('clear_cache', 'hitcounter').
case "clear_rss_cache":
    XSRFdefender('clear_cache');
    clearRSScache();
    $class = 'messagebox';
    $msg = gettext('RSS cache cleared.');
    break;

/** Reset hitcounters ***********************************************************/
/********************************************************************************/
case "reset_hitcounters":
    XSRFdefender('hitcounter');
    // All statements are constant strings apart from the prefix() table names; no request data
    // enters the SQL.
    query('UPDATE ' . prefix('albums') . ' SET `hitcounter`= 0');
    query('UPDATE ' . prefix('images') . ' SET `hitcounter`= 0');
    query('UPDATE ' . prefix('news') . ' SET `hitcounter`= 0');
    query('UPDATE ' . prefix('pages') . ' SET `hitcounter`= 0');
    query('UPDATE ' . prefix('news_categories') . ' SET `hitcounter`= 0');
    query('UPDATE ' . prefix('options') . ' SET `value`= 0 WHERE `name` LIKE "Page-Hitcounter-%"');
    query("DELETE FROM " . prefix('plugin_storage') . " WHERE `type` = 'rsshitcounter'");
    $class = 'messagebox';
    $msg = gettext('All hitcounters have been set to zero');
    break;

/** check for update ***********************************************************/
/********************************************************************************/
case 'check_for_update':
// End of the switch that derives the display size (its start is above this excerpt).
        break;
    case 'height':
        $size = $height;
        $sr = 1;
        $sizedwidth = Round($width / $height * $size);
        $sizedheight = $size;
        break;
}
$args = array($size, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 1, NULL);
$imageurl = getImageProcessorURI($args, $albumname, $imagepart);
// initial selection: the displayed image inset by 5% on each side
$iW = round($sizedwidth * 0.9);
$iH = round($sizedheight * 0.9);
$iX = round($sizedwidth * 0.05);
$iY = round($sizedheight * 0.05);

if (isset($_REQUEST['crop'])) {
    XSRFdefender('crop');
    // NOTE(review): w, h, x and y are taken from the request with no sanitizing or type check in
    // this excerpt and go straight into arithmetic. Validating them as numbers and clamping them
    // to the image bounds here would keep malformed or out-of-range values away from the image
    // routines; confirm whether the code further down already does so.
    $cw = $_REQUEST['w'];
    $ch = $_REQUEST['h'];
    $cx = $_REQUEST['x'];
    $cy = $_REQUEST['y'];

    // scale the selection from displayed-image coordinates to full-image coordinates
    $rw = $width / $sizedwidth;
    $rh = $height / $sizedheight;
    $cw = round($cw * $rw);
    $ch = round($ch * $rh);
    $cx = round($cx * $rw);
    $cy = round($cy * $rh);

    //create a new image with the set cropping
    $quality = getOption('full_image_quality');
    $rotate = false;
    if (zp_imageCanRotate()) {
        $rotate = getImageRotation($imgpath);
// End of the preceding case of the action switch (its start is above this excerpt).
        header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/comment_form/admin-comments.php?saved');
    }
    exitZP();
case 'deletecomment':
    // deletion is requested by GET; the token check comes first and the id is reduced with
    // sanitize_numeric()
    XSRFdefender('deletecomment');
    $id = sanitize_numeric($_GET['id']);
    $comment = new Comment($id);
    $comment->remove();
    header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/comment_form/admin-comments.php?ndeleted=1');
    exitZP();
case 'savecomment':
    // a post without an id only redirects back; nothing is changed before the token check
    if (!isset($_POST['id'])) {
        header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/comment_form/admin-comments.php');
        exitZP();
    }
    XSRFdefender('savecomment');
    $id = sanitize_numeric($_POST['id']);
    $comment = new Comment($id);
    // Every field goes through sanitize(); the second argument (3 or 1) presumably selects the
    // strictness level - its meaning is not visible here.
    if (isset($_POST['name'])) {
        $comment->setName(sanitize($_POST['name'], 3));
    }
    if (isset($_POST['email'])) {
        $comment->setEmail(sanitize($_POST['email'], 3));
    }
    if (isset($_POST['website'])) {
        $comment->setWebsite(sanitize($_POST['website'], 3));
    }
    // NOTE(review): 'date' and 'comment' are read without isset() checks, unlike the fields above.
    $comment->setDateTime(sanitize($_POST['date'], 3));
    $comment->setComment(sanitize($_POST['comment'], 1));
    // NOTE(review): the custom data is stored as a PHP-serialized string. The code that reads it
    // back is not visible here; if it uses unserialize(), confirm the stored value can only ever
    // originate from this serialize() call.
    $comment->setCustomData($_comment_form_save_post = serialize(getCommentAddress(0)));
    $comment->save();
// End of the preceding edit-page branch (its start is above this excerpt).
            $reports[] = $msg;
        }
    }
}
if (is_AdminEditPage('newscategory')) {
    $tab = 'news';
    $_GET['tab'] = 'categories';
    // save and update both change data and each calls XSRFdefender() first
    if (isset($_GET['save'])) {
        XSRFdefender('save');
        updateCategory($reports, true);
    }
    if (isset($_GET['titlelink'])) {
        // NOTE(review): sanitize() runs before urldecode(), so anything that was still
        // percent-encoded is decoded only after sanitizing and reaches ZenpageCategory unchecked.
        // PHP has already decoded $_GET once; applying sanitize() to the decoded value (or
        // dropping the extra urldecode()) would close that gap. What ZenpageCategory does with
        // the value is not visible here.
        $result = new ZenpageCategory(urldecode(sanitize($_GET['titlelink'])));
    } else {
        if (isset($_GET['update'])) {
            XSRFdefender('update');
            $result = updateCategory($reports);
        } else {
            $result = new ZenpageCategory('');
            $result->setShow(1);
        }
    }
}
printAdminHeader($tab, $result->transient ? gettext('add') : gettext('edit'));
zp_apply_filter('texteditor_config', 'zenpage');
zenpageJSCSS();
datepickerJS();
codeblocktabsJS();
?>
<script type="text/javascript">
    //<!-- <![CDATA[
// End of the preceding (delete) case of the action switch; its start is above this excerpt.
        } else {
            $albumdir = dirname($folder);
        }
        if ($albumdir != '/' && $albumdir != '.') {
            $albumdir = "&album=" . pathurlencode($albumdir);
        } else {
            $albumdir = '';
        }
    } else {
        $albumdir = '';
    }
    header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . "/admin-edit.php?page=edit" . $albumdir . "&ndeleted=" . $nd);
    exitZP();
    break;
case 'newalbum':
    // album creation is requested by GET; the token check comes first
    XSRFdefender('newalbum');
    $name = sanitize($_GET['name']);
    $folder = sanitize($_GET['folder']);
    $seoname = seoFriendly($name);
    if (empty($folder) || $folder == '/' || $folder == '.') {
        $albumdir = '';
        $folder = $seoname;
    } else {
        // the value is URL-encoded before it is placed in the redirect target
        $albumdir = "&album=" . pathurlencode($folder);
        $folder = $folder . '/' . $seoname;
    }
    // NOTE(review): $folder originates from the request and is joined onto the album root to
    // form a filesystem path. No check for '..' segments is visible in this excerpt; confirm
    // that sanitize() or the code below keeps the result inside $_zp_gallery->albumdir.
    $uploaddir = $_zp_gallery->albumdir . internalToFilesystem($folder);
    if (is_dir($uploaddir)) {
        if ($name != $seoname) {
            $name .= ' (' . $seoname . ')';
        }
// End of the update branch (its start is above this excerpt). $new and $update hold function
// names that are called as variable functions; where they are assigned is not visible here.
            }
        }
        if (isset($_POST['subpage']) && $_POST['subpage'] == 'object' && count($reports) <= 1) {
            header('Location: ' . $result->getLink());
            exitZP();
        }
    } else {
        $result = $new('');
    }
}
if (isset($_GET['save'])) {
    XSRFdefender('save');
    $result = $update($reports, true);
}
if (isset($_GET['delete'])) {
    // deletion is requested by GET; the token check comes first
    XSRFdefender('delete');
    // NOTE(review): as written, the string 'new' is concatenated with the return value of
    // $new(...), and 'admin-pages.php' is passed as the second argument to $new() rather than to
    // deleteZenpageObj(). Confirm this is what was intended.
    $msg = deleteZenpageObj('new' . $new(sanitize($_GET['delete']), 'admin-pages.php'));
    if (!empty($msg)) {
        $reports[] = $msg;
    }
}
/*
 * Here we should restart if any action processing has occurred to be sure that everything is
 * in its proper state. But that would require significant rewrite of the handling and
 * reporting code so is impractical. Instead we will presume that all that needs to be restarted
 * is the CMS object.
 */
$_zp_CMS = new CMS();
printAdminHeader($tab, $result->transient ? gettext('add') : gettext('edit'));
zp_apply_filter('texteditor_config', 'zenpage');
zenpageJSCSS();
// force UTF-8 Ø
define('OFFSET_PATH', 3);
require_once dirname(dirname(__FILE__)) . '/admin-globals.php';
require_once dirname(dirname(__FILE__)) . '/template-functions.php';

// Button description for this utility. The 'cache_images' tag advertised here is the same
// action name that XSRFdefender() is called with below.
$button_text = gettext('Pre-Cache Images');
$button_hint = gettext('Finds newly uploaded images that have not been cached and creates the cached version. It also refreshes the numbers above. If you have a large number of images in your gallery you might consider using the pre-cache image link for each album to avoid swamping your browser.');
$button_icon = 'images/cache1.png';
$button_rights = ADMIN_RIGHTS;
$button_XSRFTag = 'cache_images';

// NOTE(review): the button advertises ADMIN_RIGHTS, but the page itself demands ALBUM_RIGHTS
// when an album is named and passes NULL otherwise (what NULL requires is not visible here).
// Confirm the two are meant to differ.
if (isset($_REQUEST['album'])) {
    $localrights = ALBUM_RIGHTS;
} else {
    $localrights = NULL;
}
// rights check, then token check, both unconditional
admin_securityChecks($localrights, $return = currentRelativeURL(__FILE__));

XSRFdefender('cache_images');

// Recursive helper: calls itself for every non-dynamic sub-album and adds the returned counts
// to $tcount. The rest of the body is below this excerpt.
function loadAlbum($album) {
    global $gallery, $_zp_current_album, $_zp_current_image;
    $subalbums = $album->getAlbums();
    $started = false;
    $tcount = $count = 0;
    foreach ($subalbums as $folder) {
        $subalbum = new Album($gallery, $folder);
        if (!$subalbum->isDynamic()) {
            $tcount = $tcount + loadAlbum($subalbum);
        }
    }
    $theme = $gallery->getCurrentTheme();
    $id = 0;
    $parent = getUrAlbum($album);
// End of a preceding block (its start is above this excerpt).
    }
}
$report = false;
$publish_albums_list = array();
$publish_images_list = array();
// Both POST actions use the same token action name, 'publishContent'.
if (isset($_POST['set_defaults'])) {
    XSRFdefender('publishContent');
    // only the presence of each checkbox is used, cast to 0 or 1
    $_zp_gallery->setAlbumPublish((int) isset($_POST['album_default']));
    $_zp_gallery->setImagePublish((int) isset($_POST['image_default']));
    $_zp_gallery->save();
    $report = 'defaults';
} else {
    if (isset($_POST['publish'])) {
        $action = sanitize($_POST['publish']);
        unset($_POST['publish']);
        // the token is checked before anything is changed
        XSRFdefender('publishContent');
        switch ($action) {
            case 'albums':
                unset($_POST['checkAllAuto']);
                // NOTE(review): every remaining POST key, whatever it is, is decoded and handed
                // to newAlbum(); only 'publish' and 'checkAllAuto' are removed first. Confirm that
                // no other field (for example a token field) is posted with this form, and that
                // the user's rights on each album are checked.
                foreach ($_POST as $key => $albumid) {
                    $album = newAlbum(postIndexDecode($key));
                    $album->setShow(1);
                    $album->save();
                }
                $report = 'albums';
                break;
            case 'images':
                // each value is expected to look like '<verb>_<image id>'
                foreach ($_POST as $action) {
                    $i = strrpos($action, '_');
                    $imageid = sanitize_numeric(substr($action, $i + 1));
                    // NOTE(review): $imageid is concatenated unquoted with no is_numeric() guard;
                    // safety rests on what sanitize_numeric() returns for non-numeric input.
                    $rowi = query_single_row('SELECT * FROM ' . prefix('images') . ' WHERE `id`=' . $imageid);
// Tail of the rights selection (the opening `if` is above this excerpt).
    $localrights = ALBUM_RIGHTS;
} else {
    $localrights = NULL;
}
admin_securityChecks($localrights, $return = currentRelativeURL());
if (isset($_GET['album'])) {
    $folder = sanitize($_GET['album']);
    $album = newAlbum($folder);
    // per-album access check: the user must manage this album, or the
    // 'admin_managed_albums_access' filter must grant access; otherwise redirect away
    if (!$album->isMyItem(ALBUM_RIGHTS)) {
        if (!zp_apply_filter('admin_managed_albums_access', false, $return)) {
            header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php');
            exitZP();
        }
    }
    if (isset($_GET['saved'])) {
        // the save is flagged in the query string while the data arrives by POST
        XSRFdefender('save_sort');
        if (isset($_POST['ids'])) {
            // process bulk actions, not individual image actions.
            $action = processImageBulkActions($album);
            if (!empty($action)) {
                $_GET['bulkmessage'] = $action;
            }
        } else {
            // parse_str() is given a result array, so the parsed values stay inside $inputArray
            parse_str($_POST['sortableList'], $inputArray);
            if (isset($inputArray['id'])) {
                $orderArray = $inputArray['id'];
                if (!empty($orderArray)) {
                    foreach ($orderArray as $key => $id) {
                        // NOTE(review): the WHERE clause matches on `id` alone, so the album access
                        // check above does not limit which image rows the posted ids can touch.
                        // Adding a condition on this album's id would tie the update to the album
                        // that was authorized.
                        $sql = 'UPDATE ' . prefix('images') . ' SET `sort_order`=' . db_quote(sprintf('%03u', $key)) . ' WHERE `id`=' . sanitize_numeric($id);
                        query($sql);
                    }
<?php
/**
 * Bulk enable/disable of plugins
 * @package core
 */
// force UTF-8 Ø
define('OFFSET_PATH', 3);
// NOTE(review): the include path is derived from $_SERVER['SCRIPT_FILENAME'] rather than from
// __FILE__; confirm that this is intentional for this script's location.
require_once dirname(dirname(dirname($_SERVER['SCRIPT_FILENAME']))) . "/zp-core/admin-globals.php";

// ADMIN_RIGHTS and the token are both required for every request to this script, before any
// GET parameter is acted on.
admin_securityChecks(ADMIN_RIGHTS, $return = currentRelativeURL());
XSRFdefender('pluginEnabler');

if (isset($_GET['pluginsRemember'])) {
    // the current plugin set is stored as a PHP-serialized array in an option
    setOption('pluginEnabler_currentset', serialize(array_keys(getEnabledPlugins())));
    $report = gettext('Current enabled plugins remembered');
}
if (isset($_GET['pluginsEnable'])) {
    $paths = getPluginFiles('*.php');
    $pluginlist = array_keys($paths);
    // the mode is reduced with sanitize_numeric() before the switch
    switch ($setting = sanitize_numeric($_GET['pluginsEnable'])) {
        case 0:
            $report = gettext('Plugins disabled');
            break;
        case 1:
            $report = gettext('Zenphoto plugins enabled');
            break;
        case 2:
            $report = gettext('Remembered plugins enabled');
            // reads back the value written by the pluginsRemember branch above;
            // how getSerializedArray() decodes it is not visible here
            $savedlist = getSerializedArray(getOption('pluginEnabler_currentset'));
            break;
        case 3:
            $report = gettext('All plugins enabled');
// Menu item editor. Loading an item by ?id= is read-only and has no token check; save and
// delete each call XSRFdefender() first.
$page = 'edit';
$result = NULL;
$reports = array();
if (isset($_GET['id'])) {
    $result = getItem(sanitize($_GET['id']));
}
if (isset($_GET['save'])) {
    XSRFdefender('update_menu');
    // NOTE(review): $_POST['update'] is read without an isset() check.
    if ($_POST['update']) {
        $result = updateMenuItem($reports);
    } else {
        $result = addItem($reports);
    }
}
if (isset($_GET['del'])) {
    XSRFdefender('delete_menu');
    // deleteItem() receives only $reports; presumably it reads the item to delete from the
    // request itself - verify that it sanitizes what it reads
    deleteItem($reports);
}
printAdminHeader('menu', is_array($result) && $result['id'] ? gettext('edit') : gettext('add'));
?>
<link rel="stylesheet" href="../zenpage/zenpage.css" type="text/css" />
<?php
$menuset = checkChosenMenuset();
?>
</head>
<body>
    <?php
    printLogoAndLinks();
    ?>
    <div id="main">
        <?php
// Tail of the loop that builds the list of editable theme files (its start is above this
// excerpt), followed by the handler that writes an edited file back to disk.
        $themefiles_to_ext[getSuffix($file)][] = $file; // array(['php']=>array('file.php', 'image.php'),['css']=>array('style.css'))
    } else {
        unset($themefiles[$file]); // $themefile will eventually have all editable files and nothing else
    }
}
if (isset($_GET['file'])) {
    // Allow-list test: the requested file must be one of the editable theme files.
    // NOTE(review): the test uses the raw $_GET['file'], while the path assembled below uses
    // sanitize($_GET['file']). If sanitize() alters the value, the name that was checked and the
    // name that is opened differ. Building $file_to_edit from the matched $themefiles entry, and
    // passing true as in_array()'s third argument, would remove the gap.
    if (!in_array($themedir . '/' . $_GET['file'], $themefiles)) {
        // a failed test only records an error; the write handler below relies on
        // !isset($messages['errorbox']) to refuse the edit
        $messages['errorbox'][] = gettext('Cannot edit this file!');
    }
    $file_to_edit = str_replace('\\', '/', SERVERPATH . '/themes/' . internalToFilesystem($theme) . '/' . sanitize($_GET['file']));
}
// Handle POST that updates a file
// NOTE(review): this handler writes request content into theme files, and the comment above lists
// 'php' among the editable types, so it amounts to deploying code. The rights check for the page
// is not visible in this excerpt - confirm it is restricted to the highest privilege level.
// $file_to_edit is only assigned above when ?file= is present; it is assumed to be initialized
// earlier in the file.
if (isset($_POST['action']) && $_POST['action'] == 'edit_file' && $file_to_edit && !isset($messages['errorbox'])) {
    XSRFdefender('edit_theme');
    // second argument 0: presumably the least restrictive sanitize level - not visible here
    $file_content = sanitize($_POST['newcontent'], 0);
    $theme = urlencode($theme);
    if (is_writeable($file_to_edit)) {
        //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
        $f = @fopen($file_to_edit, 'w+');
        if ($f !== FALSE) {
            // NOTE(review): the fwrite() result is suppressed and ignored, so a failed or partial
            // write is still reported as success.
            @fwrite($f, $file_content);
            fclose($f);
            clearstatcache();
            $messages['messagebox fade-message'][] = array(gettext('File updated successfully'), 'notebox');
        } else {
            $messages['messagebox fade-message'][] = array(gettext('Could not write file. Please check its write permissions'), 'notebox');
        }
    } else {
        $messages['errorbox'][] = gettext('Could not write file. Please check its write permissions');
// Build $adminordered: the administrators whose 'valid' field is truthy, sorted by 'date'.
$admins = $_zp_authority->getAdministrators('all');
$ordered = array();
foreach ($admins as $key => $admin) {
    if ($admin['valid']) {
        $ordered[$key] = $admin['date'];
    }
}
asort($ordered);
$adminordered = array();
foreach ($ordered as $key => $user) {
    $adminordered[] = $admins[$key];
}
$msg = NULL;
if (isset($_GET['action'])) {
    $action = sanitize($_GET['action']);
    // NOTE(review): the action name given to XSRFdefender() is taken from the request instead of
    // being a fixed literal, so the request itself chooses which action the token is checked
    // against. Whether that weakens the check depends on XSRFdefender()'s implementation, which
    // is not visible here. Since 'expiry' is the only action handled in this excerpt, comparing
    // $action first and then calling XSRFdefender('expiry') would pin the token to this form.
    XSRFdefender($action);
    if ($action == 'expiry') {
        // note: the loop variable reuses the name $action for each posted value
        foreach ($_POST as $key => $action) {
            // only fields named 'r_<encoded id>' are processed
            if (strpos($key, 'r_') === 0) {
                $userobj = $_zp_authority->getAnAdmin(array('`id`=' => str_replace('r_', '', postIndexDecode($key))));
                if ($userobj) {
                    // the posted value selects the operation; remove() and setValid() change the
                    // account
                    switch ($action) {
                        case 'delete':
                            $userobj->remove();
                            break;
                        case 'disable':
                            $userobj->setValid(2);
                            $userobj->save();
                            break;
                        case 'enable':
                            $userobj->setValid(1);
// End of a preceding block (its start is above this excerpt).
}
// Default tab: 'options' when that tab exists in $zenphoto_tabs, else 'users'.
if (!isset($_GET['page'])) {
    if (array_key_exists('options', $zenphoto_tabs)) {
        $_GET['page'] = 'options';
    } else {
        $_GET['page'] = 'users'; // must be a user with no options rights
    }
}
$_current_tab = sanitize($_GET['page'], 3);

/* handle posts */
if (isset($_GET['action'])) {
    $action = sanitize($_GET['action']);
    $themeswitch = false;
    if ($action == 'saveoptions') {
        // the action is compared with a literal first and the token is then checked against
        // that same fixed name
        XSRFdefender('saveoptions');
        $table = NULL;

        $notify = '';
        $returntab = '';
        $themealbum = $themename = NULL;

        /*         * * General options ** */
        if (isset($_POST['savegeneraloptions'])) {
            $returntab = "&tab=general";
            // The allowed_tags option is taken with sanitize level 0 and stored only when
            // parseAllowedTags() accepts it. Presumably this list governs which HTML is allowed
            // in user content, which would make it security relevant - confirm.
            $tags = strtolower(sanitize($_POST['allowed_tags'], 0));
            $test = "(" . $tags . ")";
            $a = parseAllowedTags($test);
            if ($a) {
                setOption('allowed_tags', $tags);
                $notify = '';
            } else {
                // NOTE(review): $a is falsy in this branch, so the value appended to the error
                // flag carries no detail.
                $notify = '?tag_parse_error=' . $a;
<?php
/**
 * Use this utility to reset your album thumbnails to either "random" or from an ordered field query
 *
 * @package admin
 */
define('OFFSET_PATH', 3);
require_once dirname(dirname(__FILE__)) . '/admin-globals.php';
require_once dirname(dirname(__FILE__)) . '/template-functions.php';

// NOTE(review): this button definition has no 'XSRFTag' entry although the page checks the
// 'reset_thumbs' token below; confirm how the submitting form obtains its token.
$buttonlist[] = array(
    'category' => gettext('Database'),
    'enable' => true,
    'button_text' => gettext('Reset album thumbs'),
    'formname' => 'reset_albumthumbs.php',
    'action' => 'utilities/reset_albumthumbs.php',
    'icon' => 'images/reset.png',
    'title' => gettext('Reset album thumbnails to either random or most recent'),
    'alt' => '',
    'hidden' => '',
    'rights' => MANAGE_ALL_ALBUM_RIGHTS | ADMIN_RIGHTS);

admin_securityChecks(MANAGE_ALL_ALBUM_RIGHTS, $return = currentRelativeURL());

// The token is checked only when one of the two parameters that trigger a reset is present; a
// plain page view passes without a token.
if (isset($_REQUEST['thumbtype']) || isset($_REQUEST['thumbselector'])) {
    XSRFdefender('reset_thumbs');
}

$buffer = '';
$webpath = WEBPATH . '/' . ZENFOLDER . '/';

$zenphoto_tabs['overview']['subtabs'] = array(gettext('Thumbs') => '');
printAdminHeader('overview', 'thumbs');
echo '</head>';
?>
<body>
    <?php printLogoAndLinks(); ?>
    <div id="main">
        <?php printTabs(); ?>
        <div id="content">
// "Clear ratings" action of the rating plugin. It is handled here in the plugin file, so the
// login check, session start and token check are all made explicitly in this block.
    if (isset($_GET['action']) && $_GET['action'] == 'clear_rating') {
        if (!zp_loggedin(ADMIN_RIGHTS)) {
            // prevent nefarious access to this page.
            // NOTE(review): currentRelativeURL() is appended to the query string without URL
            // encoding.
            header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php?from=' . currentRelativeURL());
            exitZP();
        }

        require_once dirname(dirname(__FILE__)) . '/admin-functions.php';
        if (session_id() == '') {
            // force session cookie to be secure when in https
            // NOTE(review): only the `secure` flag (4th argument) is set; the httponly argument is
            // not passed, so the existing default applies. Passing it explicitly would also keep
            // the session cookie away from scripts.
            if (secureServer()) {
                $CookieInfo = session_get_cookie_params();
                session_set_cookie_params($CookieInfo['lifetime'], $CookieInfo['path'], $CookieInfo['domain'], TRUE);
            }
            session_start();
        }
        // the token is checked after the login check and before any data is changed
        XSRFdefender('clear_rating');
        // constant statements: no request data enters the SQL
        query('UPDATE ' . prefix('images') . ' SET total_value=0, total_votes=0, rating=0, used_ips="" ');
        query('UPDATE ' . prefix('albums') . ' SET total_value=0, total_votes=0, rating=0, used_ips="" ');
        query('UPDATE ' . prefix('news') . ' SET total_value=0, total_votes=0, rating=0, used_ips="" ');
        query('UPDATE ' . prefix('pages') . ' SET total_value=0, total_votes=0, rating=0, used_ips="" ');
        // NOTE(review): the status message, markup included, travels in the `msg` query parameter
        // and is not URL-encoded. If admin.php prints `msg` as HTML, then any value placed in that
        // parameter is rendered too; confirm that admin.php encodes or allow-lists it on output.
        header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php?action=external&msg=' . gettext('All ratings have been set to <em>unrated</em>.'));
        exitZP();
    }
}
$plugin_is_filter = 5 | ADMIN_PLUGIN | THEME_PLUGIN;
$plugin_description = gettext("Adds several theme functions to enable images, album, news, or pages to be rated by users. ");
$plugin_author = "Stephen Billard (sbillard) and Malte Müller (acrylian)";

$option_interface = 'jquery_rating';

zp_register_filter('edit_album_utilities', 'jquery_rating::optionVoteStatus');
zp_register_filter('save_album_utilities_data', 'jquery_rating::optionVoteStatusSave');
zp_register_filter('admin_utilities_buttons', 'jquery_rating::rating_purgebutton');
<?php
/**
 *
 * Collects and analyzes searches
 *
 * @author Stephen Billard (sbillard)
 * @package plugins
 */
define('OFFSET_PATH', 4);
require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php';
// viewing the analysis requires OVERVIEW_RIGHTS
admin_securityChecks(OVERVIEW_RIGHTS, currentRelativeURL());

if (isset($_GET['reset'])) {
    // Clearing the collected data is stricter: ADMIN_RIGHTS is re-checked and the token is
    // verified before the DELETE. The statement is a constant string.
    admin_securityChecks(ADMIN_RIGHTS, currentRelativeURL());
    XSRFdefender('search_statistics');
    $sql = 'DELETE FROM ' . prefix('plugin_storage') . ' WHERE `type`="search_statistics"';
    query($sql);
    header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/search_statistics/search_analysis.php');
    exitZP();
}

$zenphoto_tabs['overview']['subtabs'] = array(gettext('Analysis') => '');
printAdminHeader('overview', 'analysis');
echo '</head>';

// The stored rows presumably hold search input recorded from visitors, so anything printed from
// $data further down should be encoded for its output context - the display code is not visible
// in this excerpt.
$sql = 'SELECT * FROM ' . prefix('plugin_storage') . ' WHERE `type`="search_statistics"';
$data = query($sql);
$ip_maxvalue = $criteria_maxvalue = $criteria_maxvalue_f = $terms_maxvalue = 1;
$results_f = $results = $terms = $sites = array();
$bargraphmaxsize = 400;
$maxiterations = array();
$opChars = array('(', ')', '&', '|', '!', ',');
if ($data) {
// Tail of the button filter function (its start is above this excerpt): the button is enabled
// as soon as one administrator other than the current user has an e-mail address.
            if (!empty($admin['email']) && $currentadminuser != $admin['user']) {
                $button['enable'] = true;
                $button['title'] = gettext('A tool to send e-mails to all registered users who have provided an e-mail address.');
                break;
            }
        }
        $buttons[] = $button;
        return $buttons;
    }
} else {
    define('OFFSET_PATH', 3);
    chdir(dirname(dirname(__FILE__)));

    require_once dirname(dirname(__FILE__)) . '/admin-globals.php';

    // NOTE(review): the rights argument is NULL and what NULL requires is not visible here. This
    // page can send mail to every registered user, so confirm it is limited to administrators.
    admin_securityChecks(NULL, currentRelativeURL());
    // the token is only checked when a send is requested; viewing the form passes without one
    if (isset($_GET['sendmail'])) {
        XSRFdefender('mailing_list');
    }
    $admins = $_zp_authority->getAdministrators();

    $zenphoto_tabs['overview']['subtabs'] = array(gettext('Mailing') => '');
    printAdminHeader('overview', 'Mailing');
    ?>
    </head>
    <body>
        <?php printLogoAndLinks(); ?>
        <div id="main">
            <?php printTabs(); ?>
            <div id="content">
// End of the delete case of the tag-action switch (its start and its token check are above this
// excerpt).
                }
                $action = gettext('Checked tags deleted');
                break;
            case 'assign':
                if (count($tags) > 0) {
                    foreach ($tags as $tag) {
                        // both values go through db_quote() before entering the statement
                        $sql = 'UPDATE ' . prefix('tags') . ' SET `language`=' . db_quote($language) . ' WHERE `name`=' . db_quote($tag);
                        query($sql);
                    }
                }
                break;
        }
    } // tag action

    if (isset($_GET['rename'])) {
        XSRFdefender('tag_rename');
        // remove the token field so that the loop below does not treat it as a tag to rename
        unset($_POST['XSRFToken']);
        foreach ($_POST as $key => $newName) {
            if (!empty($newName)) {
                $newName = sanitize($newName, 3);
                $key = substr($key, 2); // strip off the 'R_'
                // NOTE(review): sanitize() runs before postIndexDecode(), so the decoded tag name
                // is not sanitized; it is only used through db_quote() in the lines visible here.
                $key = postIndexDecode(sanitize($key));
                $newtag = query_single_row('SELECT `id` FROM ' . prefix('tags') . ' WHERE `name`=' . db_quote($newName));
                $oldtag = query_single_row('SELECT `id` FROM ' . prefix('tags') . ' WHERE `name`=' . db_quote($key));
                if (is_array($newtag)) {
                    // there is an existing tag of the same name
                    $existing = $newtag['id'] != $oldtag['id']; // but maybe it is actually the original in a different case.
                } else {
                    $existing = false;