* @copyright WBCE Project (2015-)
 * @license GNU GPL2 (or any later version)
 */
// Print admin header
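// Bootstrap the admin environment without printing the header yet: the
// header issues a fresh FTAN, which must not happen before the token that
// was submitted with this request has been validated.
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Access', 'groups_modify', false);

// Link the error page sends the user back to.
$js_back = ADMIN_URL . '/groups/index.php';

// Reject the request when the form token (FTAN) does not match. `exit` is
// kept after print_error() so the script cannot fall through into the
// group modification should print_error() return instead of terminating.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
    exit;
}

// Resolve the submitted group id through the IDKEY check. Ids below 2
// cover "no id" and group 1, which this page must not modify.
$group_id = intval($admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD']));
if ($group_id < 2) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
    exit;
}

// Submitted group name (already escaped by the framework for DB use).
// The string cast makes a missing field behave like an empty one.
$group_name = $admin->get_post_escaped('group_name');
if ((string) $group_name === '') {
    $admin->print_error($MESSAGE['GROUPS_GROUP_NAME_BLANK'], $js_back);
    exit;
}

// Every check has passed, so the header (and a new FTAN) can be printed now.
$admin->print_header();

// Load the list of system permissions used when saving the group.
require_once ADMIN_PATH . '/groups/get_permissions.php';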
// Create admin object
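// Create the admin object; the header is not printed by this script.
require '../../config.php';
$admin = new admin('Media', 'media_rename', false);

// Current directory relative to the media root. A missing parameter is
// treated as the root (''), exactly like an explicit '/'.
$directory = (string) $admin->get_get('dir');
if ($directory === '/') {
    $directory = '';
}
$dirlink = 'browse.php?dir=' . $directory;
$rootlink = 'browse.php?dir=';

// Refuse directory traversal ('..' and friends) before the path is used.
if (!check_media_path($directory)) {
    $admin->print_error($MESSAGE['MEDIA_DIR_DOT_DOT_SLASH'], $rootlink, false);
    exit;
}

// Temporary id of the entry to rename, resolved through the IDKEY check.
$file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']));
if (!$file_id) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $dirlink, false);
    exit;
}

// Home folders are excluded from the listing.
$home_folders = get_home_folders();

// Turn the configured list of forbidden extensions (separated by comma,
// semicolon, pipe or hash, with optional whitespace) into a regex
// alternation. NOTE(review): the pieces are not preg_quote()d, so the
// constant is expected to hold plain extensions, not regex metacharacters.
$forbidden_file_types = preg_replace('/\\s*[,;\\|#]\\s*/', '|', RENAME_FILES_ON_UPLOAD);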
if ($handle = opendir(WB_PATH . MEDIA_DIRECTORY . '/' . $directory)) {
    // Loop through the files and dirs an add to list
    while (false !== ($file = readdir($handle))) {
        $info = pathinfo($file);
        $ext = isset($info['extension']) ? $info['extension'] : '';
        if (substr($file, 0, 1) != '.' and $file != '.svn' and $file != 'index.php') {
            if (!preg_match('/' . $forbidden_file_types . '$/i', $ext)) {
 * @version         $Id: delete.php 1457 2011-06-25 17:18:50Z Luisehahne $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/admin/pages/delete.php $
 * @lastmodified    $Date: 2011-06-25 19:18:50 +0200 (Sa, 25. Jun 2011) $
 *
 */
// Create new admin object and print admin header
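// Load the configuration and the admin class only when the including
// script has not already done so.
if (!defined('WB_PATH')) {
    require dirname(dirname(__DIR__)) . '/config.php';
}
if (!class_exists('admin', false)) {
    require WB_PATH . '/framework/class.admin.php';
}
// Create the admin object and print the admin header.
$admin = new admin('Pages', 'pages_delete');
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';

// Resolve the page id through the IDKEY check; stop on failure.
if (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
    exit;
}
// The current user needs 'admin' permission on this page. `exit` keeps
// the script from continuing should print_error() return.
if (!$admin->get_page_permission($page_id, 'admin')) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
    exit;
}
// Look up the page. The id is cast to int so the query only ever contains
// a number, whatever checkIDKEY() handed back.
$query = "SELECT * FROM " . TABLE_PREFIX . "pages WHERE page_id = '" . (int) $page_id . "'";
$results = $database->query($query);
if ($database->is_error()) {
    $admin->print_error($database->get_error());
    exit;
}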
if ($results->numRows() == 0) {
    $admin->print_error($MESSAGE['PAGES_NOT_FOUND']);
 * @platform        WebsiteBaker 2.8.3
 * @requirements    PHP 5.3.6 and higher
 * @version         $Id: save_droplet.php 1503 2011-08-18 02:18:59Z Luisehahne $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/modules/droplets/save_droplet.php $
 * @lastmodified    $Date: 2011-08-18 04:18:59 +0200 (Do, 18. Aug 2011) $
 *
 */
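require dirname(dirname(dirname(__DIR__))) . '/config.php';
if (!class_exists('admin', false)) {
    require WB_PATH . '/framework/class.admin.php';
}
// Links back to the admin tools overview and to the droplets tool page.
$admintool_link = ADMIN_URL . '/admintools/index.php';
$ToolUrl = ADMIN_URL . '/admintools/tool.php?tool=droplets';
// No header yet: printing it would issue a new FTAN before the submitted
// one has been checked.
$admin = new admin('admintools', 'admintools', false);
// The droplet id must come from POST and pass the IDKEY check.
$droplet_id = intval($admin->checkIDKEY('droplet_id', false, 'post'));
// Both the form token and the id have to be valid; `exit` makes sure the
// save code below is never reached should print_error() return.
if (!$admin->checkFTAN() || !$droplet_id) {
    $admin->print_header();
    $admin->print_error($droplet_id . ' ) ' . $MESSAGE['GENERIC_SECURITY_ACCESS'], $ToolUrl);
    exit;
}
$admin->print_header();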
// Validate all fields
if ($admin->get_post('title') == '') {
    $admin->print_error($MESSAGE['GENERIC_FILL_IN_ALL'] . ' ( Droplet Name )', $ToolUrl);
} else {
    $title = $admin->add_slashes($admin->get_post('title'));
    $active = (int) $admin->get_post('active');
    $admin_view = (int) $admin->get_post('admin_view');
    $admin_edit = (int) $admin->get_post('admin_edit');
    $show_wysiwyg = (int) $admin->get_post('show_wysiwyg');
    $description = $admin->add_slashes($admin->get_post('description'));
// Include WB admin wrapper script
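// Include WB admin wrapper script and helper functions
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
// Since WB 2.7 the admin tools live in their own section instead of the
// advanced settings dialogue; pick links and required permission accordingly.
if (file_exists(ADMIN_PATH . '/admintools/tool.php')) {
    $admintool_link = ADMIN_URL . '/admintools/index.php';
    $module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=droplets';
    $admin = new admin('admintools', 'admintools', false);
} else {
    // Anchor into the settings page (a stray trailing quote used to end
    // this URL and would have broken the href it is placed in).
    $admintool_link = ADMIN_URL . '/settings/index.php?advanced=yes#administration_tools';
    $module_edit_link = ADMIN_URL . '/settings/tool.php?tool=droplets';
    $admin = new admin('Settings', 'settings_advanced', false);
}
// Get id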
if (version_compare(WB_VERSION, '2.8.2', '>=') && WB_VERSION != "2.8.x") {
    $droplet_id = $admin->checkIDKEY('droplet_id', false, 'POST');
    if (!$droplet_id) {
        $admin->print_header();
        $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link);
        exit;
    }
    if (!$admin->checkFTAN()) {
        $admin->print_header();
        $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link);
        exit;
    }
} else {
    if (isset($_POST['droplet_id']) && is_numeric($_POST['droplet_id'])) {
        $droplet_id = $_POST['droplet_id'];
    } else {
        header("Location: " . ADMIN_URL . "/pages/index.php");
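// Parameters may arrive via GET or POST; read them from the matching
// superglobal (the variable-variable on $_GET / $_POST works at file scope,
// any other method simply yields no parameters).
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$aRequest = isset(${$requestMethod}) ? ${$requestMethod} : array();

// A page id switches the action to 'show'.
$page_id = intval(isset($aRequest['page_id']) ? $aRequest['page_id'] : 0);
$action = $page_id ? 'show' : $action;

// A section id switches the action to 'delete'. The raw value is kept:
// it may be an IDKEY token that checkIDKEY() resolves further down.
$section_id = isset($aRequest['section_id']) ? $aRequest['section_id'] : 0;
$action = $section_id ? 'delete' : $action;

// A non-empty module name switches the action to 'add'. The default stays
// 0 because later code compares the module loosely against it; the test is
// spelled out so that neither 0 nor '' counts as a module on PHP 7 and
// PHP 8 alike (`0 != ''` is true on PHP 8 and would force 'add' on every
// request without a module parameter).
$module = isset($aRequest['module']) ? $aRequest['module'] : 0;
$action = ($module !== 0 && $module !== '') ? 'add' : $action;

$admin_header = true;
$backlink = ADMIN_URL . '/pages/sections.php?page_id=' . (int) $page_id;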
switch ($action) {
    case 'delete':
        if (!($section_id = intval($admin->checkIDKEY('section_id', 0, $_SERVER['REQUEST_METHOD'])))) {
            if ($admin_header) {
                $admin->print_header();
            }
            $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $backlink);
        }
        $action = 'show';
        $sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` ';
        $sql .= 'WHERE `section_id` =' . $section_id;
        if (($modulname = $database->get_one($sql)) == $module && $section_id > 0) {
            // Include the modules delete file if it exists
            if (file_exists(WB_PATH . '/modules/' . $modulname . '/delete.php')) {
                require WB_PATH . '/modules/' . $modulname . '/delete.php';
            }
            $sql = 'DELETE FROM `' . TABLE_PREFIX . 'sections` ';
            $sql .= 'WHERE `section_id` =' . (int) $section_id . ' LIMIT 1';
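 // Admin object without header/footer: this script answers an AJAX request
 // with JSON only.
 $admin = new admin('admintools', 'admintools', false, false);
 // Both an authenticated session and the module permission are required.
 if (!($admin->is_authenticated() && $admin->get_permission('outputfilter_dashboard', 'module'))) {
     $aJsonRespond['message'] = 'insuficcient rights';
     exit(json_encode($aJsonRespond));
 }
 // Requested action. A request without the POST field yields '' (rejected
 // by the dispatch below) instead of an undefined-index notice.
 $action = $admin->add_slashes(isset($_POST['action']) ? $_POST['action'] : '');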
 if ($action == "updatePosition") {
     $i = array();
     $i_keys = array();
     foreach (opf_get_types() as $type => $typename) {
         $i[$type] = 1;
         $i_keys[] = $type;
     }
     foreach ($aRows as $recID) {
         $id = $admin->checkIDKEY($recID, 0, 'key', true);
         $filter = opf_get_data($id);
         $type = $filter['type'];
         // now we sanitize array
         $qstring = "UPDATE `" . TABLE_PREFIX . "mod_outputfilter_dashboard`" . " SET `position` = '" . $i[$type] . "'" . " WHERE `id` = " . intval($id) . " ";
         if (!opf_db_run_query($qstring)) {
             $aJsonRespond['success'] = false;
             $aJsonRespond['message'] = 'db query failed: ' . opf_db_get_error();
             $aJsonRespond['icon'] = 'cancel.gif';
             exit(json_encode($aJsonRespond));
         }
         $i[$type]++;
     }
 } else {
     $aJsonRespond['message'] = 'wrong arguments "$action"';
     exit(json_encode($aJsonRespond));
 case 'add_droplet':
     ob_start();
     extract($aQuery, EXTR_PREFIX_SAME, "dr");
     if (is_readable($sCommand)) {
         include $sCommand;
     }
     $sCommand = $ModulePath . 'commands/' . 'modify_droplet.php';
     if (is_readable($sCommand)) {
         include $sCommand;
     }
     $output = ob_get_clean();
     break;
 case 'modify_droplet':
     ob_start();
     extract($aQuery, EXTR_PREFIX_SAME, "dr");
     $droplet_id = intval($admin->checkIDKEY($droplet_id, false, ''));
     if (is_readable($sCommand)) {
         include $sCommand;
     }
     $output = ob_get_clean();
     break;
 case 'backup_droplets':
     ob_start();
     extract($aQuery, EXTR_PREFIX_SAME, "dr");
     if (is_readable($sCommand)) {
         include $sCommand;
     }
     $output = ob_get_clean();
     break;
 case 'import_droplets':
     ob_start();
 * @lastmodified    $Date: 2011-08-18 04:18:59 +0200 (Do, 18. Aug 2011) $
 *
 */
// tool_edit.php
// tool_edit.php
require_once '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
// Admin object for the admin tools section (the tools left the settings
// dialogue with WB 2.7).
$admin = new admin('admintools', 'admintools');
$admintool_link = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=droplets';
$template_edit_link = ADMIN_URL . '/admintools/tool.php?tool=templateedit';
$sOverviewDroplets = $TEXT['LIST_OPTIONS'];
// CSRF protection on platforms that provide checkIDKEY(): the GET id has to
// resolve to the fixed value 999. NOTE(review): 999 looks like a sentinel
// for this page rather than a record id - confirm against the caller.
$bHasIdKey = version_compare(WB_VERSION, '2.8.2', '>=') && WB_VERSION != "2.8.x";
if ($bHasIdKey) {
    $id = intval($admin->checkIDKEY('id', false, 'GET'));
    // $id is an int here, so "missing or not 999" is a single comparison.
    if ($id !== 999) {
        $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link);
        exit;
    }
}
?>
<h4 style="margin: 0; border-bottom: 1px solid #DDD; padding-bottom: 5px;">
	<a href="<?php 
echo $admintool_link;
?>
" title="<?php 
echo $HEADING['ADMINISTRATION_TOOLS'];
?>
"><?php 
echo $HEADING['ADMINISTRATION_TOOLS'];