/**
 * Kill user session.
 *
 * Acts on the session whose id is given in $_GET['kill'] for the user named in
 * $_GET['username']: with $_GET['logout_only'] the identity is unset and the
 * session is kept, otherwise the session is destroyed. The caller's own session
 * is closed, the target session opened and handled, then the caller's session
 * re-opened before the page message and log entry are written.
 *
 * NOTE(review): the target session id is taken from the query string (only
 * passed through clean_input()) and is never compared with the current session
 * id; the only "own session" guard is the caller-supplied $_GET['own'] flag,
 * which is reached only when 'kill' is absent — confirm the calling page
 * enforces this.
 *
 * @return void
 */
function kill_session()
{
    if (isset($_GET['kill']) && $_GET['kill'] !== '' && isset($_GET['username'])) {
        $username = clean_input($_GET['username']);
        $sessionId = clean_input($_GET['kill']);

        // Remember the caller's session id so it can be restored below
        $currentSessionId = session_id();

        // Closing current session
        session_write_close();

        // Switch to session to handle
        session_id($sessionId);
        session_start();

        if (isset($_GET['logout_only'])) {
            iMSCP_Authentication::getInstance()->unsetIdentity();
            session_write_close();
            $message = tr('User successfully disconnected.');
        } else {
            iMSCP_Authentication::getInstance()->unsetIdentity();
            session_destroy();
            $message = tr('User session successfully destroyed.');
        }

        // Restore session
        session_id($currentSessionId);
        session_start();

        set_page_message($message, 'success');
        write_log($_SESSION['user_logged'] . ": has disconnected {$username} or destroyed its session", E_USER_NOTICE);
    } elseif (isset($_GET['own'])) {
        set_page_message(tr("You are not allowed to act on your own session."), 'warning');
    }
}
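/**
 * Authenticate a user against the `accounts` table and populate the session.
 *
 * NOTE(review): the stored hash is unsalted md5 (see the WHERE clause); moving
 * to password_hash()/password_verify() needs a schema change and is out of
 * scope here.
 *
 * @param string $user Submitted username
 * @param string $pass Submitted clear-text password
 * @return bool TRUE when exactly one matching account exists, FALSE otherwise
 */
function exe_login($user, $pass)
{
    $user = clean_input($user);
    $pass = clean_input($pass);

    // The username is interpolated into the statement, so it must be escaped for
    // the SQL string context; clean_input() is not an SQL escaper. The md5 hex
    // digest contains no special characters.
    $sql = 'SELECT `accountID`,`fullname`,`email` FROM `accounts` WHERE `username` ="'
        . mysql_real_escape_string($user) . '" AND `password` = "' . md5($pass) . '" ';
    $result = mysql_query($sql);

    // Failed query, or anything but a single match, is a failed login
    if ($result === false || mysql_num_rows($result) != 1) {
        return false;
    }

    list($uID, $full, $email) = mysql_fetch_row($result);

    // Start from a fresh session array, then rotate the id. SSID is recorded
    // before the rotation as in the original code — NOTE(review): confirm how
    // SSID is consumed elsewhere before changing that order.
    $_SESSION = array();
    $_SESSION['SSID'] = session_id();
    $_SESSION['Full'] = $full;
    $_SESSION['User'] = $user;
    $_SESSION['UserID'] = $uID;
    $_SESSION['Email'] = $email;
    session_regenerate_id();

    return true;
}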
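/**
 * Create a research record from the submitted form, together with its
 * researcher, implementing-agency and funding-agency link rows.
 *
 * Redirects back to the form with a flash message when the title already
 * exists, renders the form when nothing was posted, and otherwise redirects
 * to the new record.
 *
 * @return void
 */
public function add_research()
{
    $title = clean_input($this->input->post('title'));
    $exists = $this->research_and_development->check_research_title_exist($title);

    if ($exists) {
        $this->session->set_flashdata('check', 'Research Title already exist.');
        redirect('researches/research_form');
        return;
    }

    if ($this->input->post() == NULL) {
        $this->research_form();
        return;
    }

    $data = array(
        // Previously $this->cleaned_input(); every other text field uses $this->clean_input()
        'research_title' => ucwords($this->clean_input($this->input->post('title'))),
        'date' => date('Y-m-d', strtotime(str_replace('-', '/', $this->input->post('date_published')))),
        'location_address' => ucwords($this->clean_input($this->input->post('address'))),
        'location_city' => ucwords($this->clean_input($this->input->post('selected_city_municipality'))),
        'approved_budget' => floatval($this->input->post('approved_budget')),
        'duration_start' => $this->input->post('date_started'),
        'duration_end' => $this->input->post('date_ended'),
        'category' => ucwords($this->clean_input($this->input->post('category'))),
        'status' => ucwords($this->clean_input($this->input->post('status'))),
        'abstract' => $this->clean_html($this->input->post('abstract')),
        'rationale' => $this->clean_html($this->input->post('rationale')),
        'objectives' => $this->clean_html($this->input->post('objectives')),
        'methodology' => $this->clean_html($this->input->post('methodology')),
        'results_and_discussions' => $this->clean_html($this->input->post('results_and_discussions')),
        'recommendation' => $this->clean_html($this->input->post('recommendation')),
    );

    // add_research() is assumed to return the new id (it is used in the redirect URL below)
    $research_id = $this->research_and_development->add_research($data);

    // Link rows. A multi-select left empty is absent from the POST body, so
    // post() returns NULL; the (array) cast yields no rows instead of a foreach warning.
    foreach ((array) $this->input->post('selected_researchers') as $researcherId) {
        $this->research_and_development->add_study_researchers(array(
            'research_id' => $research_id,
            'researcher_id' => $researcherId,
        ));
    }

    foreach ((array) $this->input->post('selected_implement_agency') as $agencyId) {
        $this->research_and_development->add_research_implementor(array(
            'research_id' => $research_id,
            'implementing_agency_id' => $agencyId,
        ));
    }

    foreach ((array) $this->input->post('selected_fund_agency') as $funderId) {
        $this->research_and_development->add_research_funder(array(
            'research_id' => $research_id,
            'funding_agency_id' => $funderId,
        ));
    }

    // The previous test ($data != NULL) looked at the last array built above and was always true
    if ($research_id) {
        $this->session->set_flashdata('notification', 'New Data is save!');
        $this->session->set_flashdata('alert', 'success');
    }

    redirect('researches/research_individual/' . $research_id);
}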
/**
 * Activate autoresponder of the given mail account with the given autoresponder message.
 *
 * The status change and the message are written inside a transaction; on a
 * database error the transaction is rolled back and the exception re-thrown.
 * An empty message is rejected with a page message and a redirect to the form.
 *
 * @param int $mailAccountId Mail account id
 * @param string $autoresponderMessage Auto-responder message
 * @return void
 * @throws iMSCP_Exception_Database
 */
function client_ActivateAutoresponder($mailAccountId, $autoresponderMessage)
{
    $autoresponderMessage = clean_input($autoresponderMessage);

    if ($autoresponderMessage == '') {
        set_page_message(tr('Auto-responder message cannot be empty.'), 'error');
        redirectTo('mail_autoresponder_enable.php?mail_account_id=' . $mailAccountId);
        return;
    }

    $database = iMSCP_Database::getInstance();

    try {
        $database->beginTransaction();

        $addrStmt = exec_query('SELECT `mail_addr` FROM `mail_users` WHERE `mail_id` = ?', $mailAccountId);

        exec_query(
            ' UPDATE `mail_users` SET `status` = ?, `mail_auto_respond` = ?, `mail_auto_respond_text` = ? WHERE `mail_id` = ? ',
            array('tochange', 1, $autoresponderMessage, $mailAccountId)
        );

        // Purge autoreplies log entries
        delete_autoreplies_log_entries();

        $database->commit();

        // Ask iMSCP daemon to trigger engine dispatcher
        send_request();

        write_log(
            sprintf("%s: activated auto-responder for the '%s' mail account", $_SESSION['user_logged'], $addrStmt->fields['mail_addr']),
            E_USER_NOTICE
        );
        set_page_message(tr('Auto-responder successfully scheduled for activation.'), 'success');
    } catch (iMSCP_Exception_Database $e) {
        $database->rollBack();
        throw $e;
    }
}
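/**
 * Update the server traffic settings (`straff_settings`) from the submitted form.
 *
 * Both posted values must be numeric (the previous code only warned and then
 * still ran the UPDATE); the warning threshold may not exceed the maximum, and
 * negative values are clamped to 0. The old commented-out regex check that the
 * @todo referred to has been dropped.
 *
 * @return void
 */
function update_server_settings()
{
    $sql = EasySCP_Registry::get('Db');

    if (!isset($_POST['uaction'])) {
        return;
    }

    if (!isset($_POST['max_traffic']) || !isset($_POST['traffic_warning'])) {
        set_page_message(tr('Wrong data input!'), 'warning');
        return;
    }

    $max_traffic = clean_input($_POST['max_traffic']);
    $traffic_warning = clean_input($_POST['traffic_warning']);

    // Non-numeric input must not reach the UPDATE below
    if (!is_numeric($max_traffic) || !is_numeric($traffic_warning)) {
        set_page_message(tr('Wrong data input!'), 'warning');
        return;
    }

    if ($traffic_warning > $max_traffic) {
        set_page_message(tr('Warning traffic is bigger than max traffic!'), 'warning');
        return;
    }

    // Negative values are clamped rather than rejected
    if ($max_traffic < 0) {
        $max_traffic = 0;
    }

    if ($traffic_warning < 0) {
        $traffic_warning = 0;
    }

    $query = "\n\t\tUPDATE\n\t\t\t`straff_settings`\n\t\tSET\n\t\t\t`straff_max` = ?,\n\t\t\t`straff_warn` = ?\n\t";
    exec_query($sql, $query, array($max_traffic, $traffic_warning));

    set_page_message(tr('Server traffic settings updated successfully!'), 'success');
}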
/**
 * Get post value
 *
 * Returns the cleaned value of the POST field, or $defaultValue when the key
 * is absent. array_key_exists() is used (rather than isset()) so a key that is
 * present with a null value still counts as present.
 *
 * @param string $id Data identifier
 * @param string $defaultValue Value returned in case Data has not been found in $_POST
 * @return string
 */
function client_getPost($id, $defaultValue = '')
{
    return array_key_exists($id, $_POST) ? clean_input($_POST[$id]) : $defaultValue;
}
/**
 * Generates directories list.
 *
 * Lists the sub-directories of the directory given in $_GET['cur_dir'] (the
 * root of the customer's virtual file system when absent), preceded by a
 * "parent directory" entry. Entries that are not directories, the '.'/'..'
 * entries and directories rejected by isAllowedDir() are skipped.
 *
 * NOTE(review): only DIR_NAME goes through tohtml(); LINK and CHOOSE_IT
 * receive the raw path, so escaping of those is left to the template.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @return void
 */
function client_generateDirectoriesList($tpl)
{
    $currentDir = isset($_GET['cur_dir']) ? clean_input($_GET['cur_dir']) : '';
    $domainName = $_SESSION['user_logged'];

    // Open the customer's virtual file system and read the directory
    $vfs = new iMSCP_VirtualFileSystem($domainName);
    $entries = $vfs->ls($currentDir);

    if (!$entries) {
        set_page_message(tr('Unable to retrieve directories list for your domain. Please contact your reseller.'), 'error');
        $tpl->assign('FTP_CHOOSER', '');
        return;
    }

    // Parent directory link: drop the last path segment
    $segments = explode('/', $currentDir);
    array_pop($segments);
    $parentDir = implode('/', $segments);

    $tpl->assign(array(
        'ACTION_LINK' => '',
        'ACTION' => '',
        'ICON' => 'parent',
        'DIR_NAME' => tr('Parent directory'),
        'LINK' => 'ftp_choose_dir.php?cur_dir=' . $parentDir,
    ));
    $tpl->parse('DIR_ITEM', '.dir_item');

    // Show directories only
    foreach ($entries as $entry) {
        $entryPath = $currentDir . '/' . $entry['file'];

        $isDirectory = $entry['type'] == iMSCP_VirtualFileSystem::VFS_TYPE_DIR;
        $isDotEntry = $entry['file'] == '.' || $entry['file'] == '..';

        if (!$isDirectory || $isDotEntry) {
            continue;
        }

        if (!isAllowedDir(get_user_domain_id($_SESSION['user_id']), $entryPath)) {
            continue;
        }

        // Create the directory link
        $tpl->assign(array(
            'DIR_NAME' => tohtml($entry['file']),
            'CHOOSE_IT' => $entryPath,
            'LINK' => 'ftp_choose_dir.php?cur_dir=' . $entryPath,
        ));
        $tpl->parse('ACTION_LINK', 'action_link');
        $tpl->parse('DIR_ITEM', '.dir_item');
    }
}
/**
 * Returns reseller data
 *
 * Builds the data array once per request (cached in a static and returned by
 * reference): the server IP list from `server_ips`, every form field listed
 * below taken from $_POST (cleaned) or from its default, the reseller PHP.ini
 * permissions from iMSCP_PHPini, and the posted `reseller_ips`.
 *
 * NOTE(review): each element of $_POST['reseller_ips'] is cleaned in place, but
 * nothing here checks that the elements are scalars or existing ip_id values —
 * confirm the caller does.
 *
 * @return array Reference to array of data
 */
function &admin_getData()
{
    static $data = null;

    if (null === $data) {
        $stmt = exec_query('SELECT ip_id, ip_number FROM server_ips ORDER BY ip_number');

        if ($stmt->rowCount()) {
            $data['server_ips'] = $stmt->fetchAll();
        } else {
            set_page_message(tr('Unable to get the IP address list. Please fix this problem.'), 'error');
            redirectTo('manage_users.php');
        }

        $phpini = iMSCP_PHPini::getInstance();

        // Form fields with their defaults; a posted value wins over the default
        foreach (array(
            'admin_name' => '',
            'password' => '',
            'password_confirmation' => '',
            'fname' => '',
            'lname' => '',
            'gender' => 'U',
            'firm' => '',
            'zip' => '',
            'city' => '',
            'state' => '',
            'country' => '',
            'email' => '',
            'phone' => '',
            'fax' => '',
            'street1' => '',
            'street2' => '',
            'max_dmn_cnt' => '0',
            'max_sub_cnt' => '0',
            'max_als_cnt' => '0',
            'max_mail_cnt' => '0',
            'max_ftp_cnt' => '0',
            'max_sql_db_cnt' => '0',
            'max_sql_user_cnt' => '0',
            'max_traff_amnt' => '0',
            'max_disk_amnt' => '0',
            'software_allowed' => 'no',
            'softwaredepot_allowed' => 'no',
            'websoftwaredepot_allowed' => 'no',
            'support_system' => 'yes',
            'customer_id' => '',
            'php_ini_system' => $phpini->getResellerPermission('phpiniSystem'),
            'php_ini_al_allow_url_fopen' => $phpini->getResellerPermission('phpiniAllowUrlFopen'),
            'php_ini_al_display_errors' => $phpini->getResellerPermission('phpiniDisplayErrors'),
            'php_ini_al_disable_functions' => $phpini->getResellerPermission('phpiniDisableFunctions'),
            'php_ini_al_mail_function' => $phpini->getResellerPermission('phpiniMailFunction'),
            'post_max_size' => $phpini->getResellerPermission('phpiniPostMaxSize'),
            'upload_max_filesize' => $phpini->getResellerPermission('phpiniUploadMaxFileSize'),
            'max_execution_time' => $phpini->getResellerPermission('phpiniMaxExecutionTime'),
            'max_input_time' => $phpini->getResellerPermission('phpiniMaxInputTime'),
            'memory_limit' => $phpini->getResellerPermission('phpiniMemoryLimit')
        ) as $key => $value) {
            if (isset($_POST[$key])) {
                $data[$key] = clean_input($_POST[$key]);
            } else {
                $data[$key] = $value;
            }
        }

        if (isset($_POST['reseller_ips']) && is_array($_POST['reseller_ips'])) {
            // Cleaned in place, then the whole posted list is kept
            foreach ($_POST['reseller_ips'] as $key => $value) {
                $_POST['reseller_ips'][$key] = clean_input($value);
            }

            $data['reseller_ips'] = $_POST['reseller_ips'];
        } else {
            // We are safe here
            $data['reseller_ips'] = array();
        }
    }

    return $data;
}
/**
 * Assign the delete-message form data to the template.
 *
 * When the form was submitted (uaction = send_delmessage) the posted text is
 * put back into DELETE_MESSAGE_TEXT; otherwise DELETE_MESSAGE_TEXT and MESSAGE
 * are emptied.
 *
 * NOTE(review): clean_input() is called with its second argument set to false
 * here — confirm that the template escapes DELETE_MESSAGE_TEXT itself.
 *
 * @param object $tpl Template engine instance (only assign() is used)
 * @return void
 */
function gen_page_data($tpl)
{
    $isSubmit = isset($_POST['uaction']) && $_POST['uaction'] === 'send_delmessage';

    if (!$isSubmit) {
        $tpl->assign(array('DELETE_MESSAGE_TEXT' => '', 'MESSAGE' => ''));
        return;
    }

    $tpl->assign('DELETE_MESSAGE_TEXT', clean_input($_POST['delete_msg_text'], false));
}
/**
 * Verify if SSL key and certificate match.
 *
 * Both values are passed through clean_input() before being handed to
 * openssl_x509_check_private_key(), whose boolean result is returned.
 * NOTE(review): if clean_input() alters characters that occur in PEM data,
 * a matching pair could be reported as not matching — verify with the real
 * clean_input().
 *
 * @param string $key Private key (assumed PEM text — TODO confirm)
 * @param string $cert Certificate (assumed PEM text — TODO confirm)
 * @return bool
 */
public static function checkSSLKey($key, $cert)
{
    $certificate = clean_input($cert);
    $privateKey = clean_input($key);

    return openssl_x509_check_private_key($certificate, $privateKey) ? true : false;
}
/**
 * Constructor (PHP 4 style): load an existing follow-up, or prepare defaults for a new one.
 *
 * With $id_fu > 0 the follow-up and its author's names are read from
 * lcm_followup/lcm_author into $this->data. Otherwise $this->data is seeded
 * with the optional case id, the current time for the date and appointment
 * fields, and the stage/type from the request.
 *
 * In both cases every $_REQUEST key is then copied into $this->data after
 * clean_input() (a leading 'fu_' prefix is stripped), and, when the session
 * holds form data together with errors, the same is done from
 * $_SESSION['form_data'].
 *
 * NOTE(review): this is mass assignment — any request key becomes a data key,
 * overriding values just loaded from the database; confirm that consumers of
 * $this->data only read the keys they expect.
 * NOTE(review): the final date_start block reads $_SESSION['form_data'] without
 * an isset() guard.
 *
 * @param int $id_fu Follow-up id (0 for a new follow-up)
 * @param int $id_case Case id to attach a new follow-up to (0 for none)
 */
function LcmFollowup($id_fu = 0, $id_case = 0)
{
    // Both ids are cast to int before being interpolated into the query below
    $id_fu = intval($id_fu);
    $id_case = intval($id_case);

    $this->data = array();

    if ($id_fu > 0) {
        $query = "SELECT fu.*, a.name_first, a.name_middle, a.name_last, "
            . lcm_query_subst_time('fu.date_start', 'fu.date_end')
            . " as length\n\t\t\t\t\tFROM lcm_followup as fu, lcm_author as a\n\t\t\t\t\tWHERE id_followup = {$id_fu}\n\t\t\t\t\t AND fu.id_author = a.id_author";
        $result = lcm_query($query);

        if ($row = lcm_fetch_array($result)) {
            foreach ($row as $key => $val) {
                $this->data[$key] = $val;
            }
        }
    } else {
        if ($id_case > 0) {
            $this->data['id_case'] = $id_case;
        }

        // Dates default to "now", e.g. '2004-09-16 16:32:37'
        $this->data['date_start'] = date('Y-m-d H:i:s');
        $this->data['date_end'] = date('Y-m-d H:i:s');

        // Set appointment start/end/reminder times to current time
        $this->data['app_start_time'] = date('Y-m-d H:i:s');
        $this->data['app_end_time'] = date('Y-m-d H:i:s');
        $this->data['app_reminder'] = date('Y-m-d H:i:s');

        if (isset($_REQUEST['stage'])) {
            $this->data['new_stage'] = _request('stage');
        }

        if (isset($_REQUEST['type'])) {
            $this->data['type'] = _request('type');
        }
    }

    // If any, populate form values submitted (every request key, 'fu_' prefix stripped)
    foreach ($_REQUEST as $key => $value) {
        $nkey = $key;

        if (substr($key, 0, 3) == 'fu_') {
            $nkey = substr($key, 3);
        }

        $this->data[$nkey] = clean_input(_request($key));
    }

    // If any, populate with session variables (for error reporting)
    if (isset($_SESSION['form_data']) && count($_SESSION['errors'])) {
        foreach ($_SESSION['form_data'] as $key => $value) {
            $nkey = $key;

            if (substr($key, 0, 3) == 'fu_') {
                $nkey = substr($key, 3);
            }

            $this->data[$nkey] = clean_input(_session($key));
        }
    }

    // date_start: take the one submitted in the form data, if any
    if (get_datetime_from_array($_SESSION['form_data'], 'start', 'start', -1, false) != -1) {
        $this->data['date_start'] = get_datetime_from_array($_SESSION['form_data'], 'start', 'start', '', false);
    }
}
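/**
 * Strip '<' and '>' from every scalar value of an array, recursively, in place.
 *
 * Only those two characters are removed; this is neither an HTML nor an SQL
 * escaper. Scalars are converted to strings by preg_replace().
 *
 * @param array $pArray Array to clean; modified by reference
 * @return void
 */
function clean_input(&$pArray)
{
    foreach ($pArray as &$value) {
        if (is_array($value)) {
            // Recurse into the nested array itself. The previous code passed the
            // parent array again (and relied on each(), removed in PHP 8), so
            // nested values were effectively skipped.
            clean_input($value);
        } else {
            $value = preg_replace('/[<>]/', '', $value);
        }
    }
    unset($value);
}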
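/**
 * Update Ftp account
 *
 * Optionally changes the password (when $_POST['password'] is non-empty and
 * confirmed) and always updates the home directory from $_POST['home_dir'],
 * which must exist in the customer's virtual file system and must not contain
 * '..'. Runs of slashes are collapsed (a single str_replace('//', '/') left
 * '///' as '//').
 *
 * NOTE(review): the clear-text password is written to `ftp_users`.`rawpasswd`
 * next to the hashed one — a schema-level concern, not changed here.
 *
 * @param string $userid Ftp userid
 * @param string $mainDomainName Main domain name
 * @return bool TRUE on success, FALSE on failure
 */
function updateFtpAccount($userid, $mainDomainName)
{
    $ret = true;

    if (!empty($_POST['password'])) {
        if (empty($_POST['password_repeat']) || $_POST['password'] !== $_POST['password_repeat']) {
            set_page_message(tr("Passwords do not match."), 'error');
            $ret = false;
        }

        if (!checkPasswordSyntax($_POST['password'])) {
            $ret = false;
        }

        $rawPassword = $_POST['password'];
        $password = cryptPasswordWithSalt($rawPassword);
    }

    if (!isset($_POST['home_dir'])) {
        showBadRequestErrorPage();
        exit;
    }

    $homeDir = clean_input($_POST['home_dir']);

    if ($homeDir != '/' && $homeDir != '') {
        // Collapse any run of slashes
        $homeDir = preg_replace('#/+#', '/', $homeDir);

        // Check for updirs '..'
        if (strpos($homeDir, '..') !== false) {
            set_page_message(tr('Invalid home directory.'), 'error');
            $ret = false;
        }

        if ($ret) {
            $vfs = new iMSCP_VirtualFileSystem($mainDomainName);

            // Check for directory existence
            if (!$vfs->exists($homeDir)) {
                set_page_message(tr("Home directory '%s' doesn't exist", $homeDir), 'error');
                $ret = false;
            }
        }
    }

    if ($ret) {
        iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditFtp, array('ftpUserId' => $userid));

        /** @var $cfg iMSCP_Config_Handler_File */
        $cfg = iMSCP_Registry::get('config');

        // Absolute path on disk, without trailing slash
        $homeDir = rtrim(preg_replace('#/+#', '/', $cfg->USER_WEB_DIR . '/' . $mainDomainName . '/' . $homeDir), '/');

        if (isset($rawPassword) && isset($password)) {
            $query = "UPDATE `ftp_users` SET `passwd` = ?, `rawpasswd` = ?, `homedir` = ? WHERE `userid` = ?";
            exec_query($query, array($password, $rawPassword, $homeDir, $userid));
        } else {
            $query = "UPDATE `ftp_users` SET `homedir` = ? WHERE `userid` = ?";
            exec_query($query, array($homeDir, $userid));
        }

        iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditFtp, array('ftpUserId' => $userid));

        write_log(sprintf("%s updated Ftp account: %s", $_SESSION['user_logged'], $userid), E_USER_NOTICE);
        set_page_message(tr('FTP account successfully updated.'), 'success');
    }

    return $ret;
}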
/**
 * Generate page
 *
 * Handles the OwnDDNS plugin settings page. When $_REQUEST['action'] is
 * 'change', the posted values are validated, stored as JSON in
 * `plugin`.`plugin_config`, the DNS entries are rebuilt when the TTL changed,
 * and the page is reloaded. Otherwise the current plugin configuration is
 * assigned to the template.
 *
 * NOTE(review): the $_POST fields below are read without isset(), and
 * $pluginConfig is only defined when the plugin loads — both rely on
 * redirectTo() not returning, which is not visible here.
 * NOTE(review): account_name_blacklist is stored after clean_input() only;
 * 'max_accounts_lenght' is spelled that way in the stored config keys and in
 * the template variables, so the spelling is part of the stored format.
 *
 * @param iMSCP_pTemplate $tpl
 * @param iMSCP_Plugin_Manager $pluginManager
 * @return void
 */
function ownddnsSettings($tpl, $pluginManager)
{
    /** @var $cfg iMSCP_Config_Handler_File */
    $cfg = iMSCP_Registry::get('config');
    $htmlChecked = $cfg->HTML_CHECKED;

    if (($plugin = $pluginManager->loadPlugin('OwnDDNS', false, false)) !== null) {
        $pluginConfig = $plugin->getConfig();
    } else {
        set_page_message(tr("Can't load plugin configuration!"), 'error');
        redirectTo('index.php');
    }

    if (isset($_REQUEST['action'])) {
        $action = clean_input($_REQUEST['action']);

        if ($action === 'change') {
            $error = false;

            $max_allowed_accounts = clean_input($_POST['max_allowed_accounts']);
            $max_accounts_lenght = clean_input($_POST['max_accounts_lenght']);
            $update_repeat_time = clean_input($_POST['update_repeat_time']);
            $update_ttl_time = clean_input($_POST['update_ttl_time']);
            $current_update_ttl_time = clean_input($_POST['current_update_ttl_time']);
            $debugOwnddns = clean_input($_POST['debug']);
            $use_base64_encoding = clean_input($_POST['use_base64_encoding']);
            $account_name_blacklist = explode(';', clean_input($_POST['account_name_blacklist']));

            // 'yes' is the only value that enables either flag
            $debugOwnddns = $debugOwnddns == 'yes' ? TRUE : FALSE;
            $use_base64_encoding = $use_base64_encoding == 'yes' ? TRUE : FALSE;

            if (!is_numeric($max_allowed_accounts) || !is_numeric($max_accounts_lenght) || !is_numeric($update_repeat_time) || !is_numeric($update_ttl_time)) {
                set_page_message(tr("Wrong values in your config."), 'error');
                $error = true;
            }

            if ($update_ttl_time < 60) {
                set_page_message(tr("Value for dns TTL update time to small (min. 
60)."), 'error');
                $error = true;
            }

            if (!$error) {
                $configOwnddns = array(
                    'debug' => $debugOwnddns,
                    'use_base64_encoding' => $use_base64_encoding,
                    'max_allowed_accounts' => $max_allowed_accounts,
                    'max_accounts_lenght' => $max_accounts_lenght,
                    'update_repeat_time' => $update_repeat_time,
                    'update_ttl_time' => $update_ttl_time,
                    'account_name_blacklist' => $account_name_blacklist
                );

                exec_query(' UPDATE `plugin` SET `plugin_config` = ? WHERE `plugin_name` = ? ', array(json_encode($configOwnddns), 'OwnDDNS'));

                // A changed TTL requires the DNS entries to be recreated
                if ($update_ttl_time != $current_update_ttl_time) {
                    removeOwnDDNSDnsEntries();
                    revokeOwnDDNSDnsEntries($update_ttl_time);
                }

                set_page_message(tr('The OwnDDNS settings updated successfully.'), 'success');
            }

            redirectTo('ownddns.php');
        }
    }

    $tpl->assign(array(
        'OWNDDNS_DEBUG_YES' => $pluginConfig['debug'] === TRUE ? $htmlChecked : '',
        'OWNDDNS_DEBUG_NO' => $pluginConfig['debug'] === FALSE ? $htmlChecked : '',
        'OWNDDNS_BASE64_YES' => $pluginConfig['use_base64_encoding'] === TRUE ? $htmlChecked : '',
        'OWNDDNS_BASE64_NO' => $pluginConfig['use_base64_encoding'] === FALSE ? $htmlChecked : '',
        'MAX_ALLOWED_ACCOUNTS' => $pluginConfig['max_allowed_accounts'],
        'MAX_ACCOUNTS_LENGHT' => $pluginConfig['max_accounts_lenght'],
        'MAX_UPDATE_REPEAT_TIME' => $pluginConfig['update_repeat_time'],
        'MAX_UPDATE_TTL_TIME' => $pluginConfig['update_ttl_time'],
        'ACCOUNT_NAME_BLACKLIST' => implode(';', $pluginConfig['account_name_blacklist'])
    ));
}
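/**
 * Check input data
 *
 * Validates the first step of the customer creation form: domain name (syntax,
 * uniqueness, not the panel vhost), expiration date and hosting plan. On
 * success the values are stored in the session and the browser is sent to the
 * next step; on failure a page message is set and the function returns.
 *
 * @return void
 */
function reseller_checkData()
{
    $cfg = iMSCP_Registry::get('config');

    if (!isset($_POST['dmn_name']) || $_POST['dmn_name'] === '') {
        set_page_message(tr('Domain name cannot be empty.'), 'error');
        return;
    }

    $dmnName = clean_input($_POST['dmn_name']);

    global $dmnNameValidationErrMsg;
    if (!isValidDomainName($dmnName)) {
        set_page_message($dmnNameValidationErrMsg, 'error');
        return;
    }

    // www is considered as an alias of the domain: strip leading 'www.' labels only.
    // The previous test (strpos() !== false) matched 'www.' anywhere in the name and
    // then removed the first four characters, mangling names such as 'foo.www.example.com'.
    while (strpos($dmnName, 'www.') === 0) {
        $dmnName = substr($dmnName, 4);
    }

    $asciiDmnName = encode_idna($dmnName);

    if (imscp_domain_exists($asciiDmnName, $_SESSION['user_id']) || $asciiDmnName == $cfg['BASE_SERVER_VHOST']) {
        set_page_message(tr('Domain %s is unavailable.', "<strong>{$dmnName}</strong>"), 'error');
        return;
    }

    $hasDate = isset($_POST['datepicker']) && $_POST['datepicker'] !== '';

    if (!$hasDate && !isset($_POST['never_expire'])) {
        set_page_message(tr('Domain expiration date must be filled.'), 'error');
        return;
    }

    // With never_expire set and an empty date, 0 means "no expiration"; the
    // previous code ran strtotime('') in that case and reported an invalid date.
    $dmnExpire = $hasDate ? @strtotime(clean_input($_POST['datepicker'])) : 0;

    if ($dmnExpire === false) {
        set_page_message(tr('Invalid expiration date.'), 'error');
        return;
    }

    $hpId = isset($_POST['dmn_tpl']) ? clean_input($_POST['dmn_tpl']) : 0;
    $customizeHp = $hpId > 0 && isset($_POST['chtpl']) ? $_POST['chtpl'] : '_no_';

    // No plan, or a plan to be customized: go to the manual limits step
    if ($hpId == 0 || $customizeHp == '_yes_') {
        $_SESSION['dmn_name'] = $asciiDmnName;
        $_SESSION['dmn_expire'] = $dmnExpire;
        $_SESSION['dmn_tpl'] = $hpId;
        $_SESSION['chtpl'] = '_yes_';
        $_SESSION['step_one'] = '_yes_';
        redirectTo('user_add2.php');
    }

    if (reseller_limits_check($_SESSION['user_id'], $hpId)) {
        $_SESSION['dmn_name'] = $asciiDmnName;
        $_SESSION['dmn_expire'] = $dmnExpire;
        $_SESSION['dmn_tpl'] = $hpId;
        $_SESSION['chtpl'] = $customizeHp;
        $_SESSION['step_one'] = '_yes_';
        redirectTo('user_add3.php');
    }

    set_page_message(tr('Hosting plan limits exceed reseller limits.'), 'error');
}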
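/**
 * Build an SQL fragment from a GET parameter.
 *
 * When $_GET[$inputName] is present, non-empty and not "All", the value is
 * cleaned, validated according to $inputType ("Interger" or "String"; the
 * validate* helpers receive "<inputName>Error", presumably the key under
 * which they record a failure) and spliced between $sqlQueryStart and
 * $sqlQueryEnd.
 *
 * NOTE(review): the returned fragment is concatenated into a query by the
 * caller. The integer path is cast below so only a numeric literal can reach
 * the query. The string path still relies on validateString() rejecting quote
 * and comment characters and on the caller checking "<inputName>Error" before
 * running the query — neither is visible here, confirm both.
 *
 * @param string $inputName GET parameter name
 * @param string $sqlQueryStart Text placed before the value
 * @param string $sqlQueryEnd Text placed after the value
 * @param string $inputType "Interger" or "String" (the misspelling is part of the existing API)
 * @return string SQL fragment, or '' when the parameter is absent, empty or "All"
 */
function getFormInput($inputName, $sqlQueryStart, $sqlQueryEnd, $inputType)
{
    if (!isset($_GET[$inputName]) || $_GET[$inputName] == '' || $_GET[$inputName] == "All") {
        return '';
    }

    $input = clean_input($_GET[$inputName]);

    if ($inputType == "Interger") {
        validateInteger($input, $inputName . "Error");
        // Whatever the validator's error convention, only digits (and a sign) are spliced in
        $input = (string) (int) $input;
    } elseif ($inputType == "String") {
        validateStringLength($input, $inputName . "Error");
        validateString($input, $inputName . "Error");
    }

    return $sqlQueryStart . $input . $sqlQueryEnd;
}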
/**
 * Render the template for the given language and send it by e-mail.
 *
 * @param Template $template
 * @param array $to Array containing elements "email", "firstname", and "lastname"
 * @param array $from Array containing elements "email", "firstname", and "lastname"
 * @param string $language
 * @param array $bind_array Array of template variables to be bound to the template
 * @throws RuntimeException when the mail handler reports a failure
 * @return boolean TRUE on success
 */
public function send(Template $template, array $to, array $from, $language, array $bind_array = array())
{
    $rendered = $template->getResult($bind_array, array("lang" => $language));
    $handler = $this->_mail_handler;

    $handler->clearFrom();
    $handler->setFrom($from["email"], $from["firstname"] . " " . $from["lastname"]);

    $handler->clearSubject();
    $handler->setSubject($rendered->subject);

    // The body is filtered with the "emailcontent" rule set before being attached
    $handler->setBodyText(clean_input($rendered->body, "emailcontent"));

    $handler->clearRecipients();
    $handler->addTo($to["email"], $to["firstname"] . " " . $to["lastname"]);

    if (!$handler->send()) {
        throw new RuntimeException("Failed to send email");
    }

    return true;
}
/**
 * Update user data
 *
 * Updates the profile columns of `admin` from $_POST (absent fields become
 * ''), optionally changes the password (in which case the user's `login`
 * rows are deleted), and on request e-mails the login data.
 *
 * NOTE(review): send_add_user_auto_msg() receives the raw $_POST email,
 * fname and lname while the database receives the clean_input() versions —
 * kept as is, confirm which one the mail should use.
 *
 * @param int $userId Customer unique identifier
 * @return void
 */
function admin_updateUserData($userId)
{
    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditUser, array('userId' => $userId));

    // Cleaned profile fields, '' when not posted
    $profile = array();
    foreach (array('fname', 'lname', 'firm', 'gender', 'zip', 'city', 'state', 'country', 'email', 'phone', 'fax', 'street1', 'street2') as $field) {
        $profile[$field] = isset($_POST[$field]) ? clean_input($_POST[$field]) : '';
    }

    $userName = get_user_name($userId);

    // Bind values in the column order of the SET clauses below (gender last)
    $profileValues = array(
        $profile['fname'], $profile['lname'], $profile['firm'], $profile['zip'], $profile['city'],
        $profile['state'], $profile['country'], $profile['email'], $profile['phone'], $profile['fax'],
        $profile['street1'], $profile['street2'], $profile['gender'],
    );

    if (empty($_POST['password'])) {
        $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`fname` = ?, `lname` = ?, `firm` = ?, `zip` = ?, `city` = ?, `state` = ?, `country` = ?, `email` = ?,\n\t\t\t\t`phone` = ?, `fax` = ?, `street1` = ?, `street2` = ?, `gender` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t";
        exec_query($query, array_merge($profileValues, array($userId)));
    } else {
        $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`admin_pass` = ?, `fname` = ?, `lname` = ?, `firm` = ?, `zip` = ?, `city` = ?, `state` = ?,\n\t\t\t\t`country` = ?, `email` = ?, `phone` = ?, `fax` = ?, `street1` = ?, `street2` = ?, `gender` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t\t";
        exec_query($query, array_merge(array(cryptPasswordWithSalt($_POST['password'])), $profileValues, array($userId)));

        // A password change invalidates the user's existing sessions
        $stmt = exec_query("DELETE FROM `login` WHERE `user_name` = ?", $userName);

        if ($stmt->rowCount()) {
            set_page_message(tr('User session successfully killed for password change.'), 'success');
        }
    }

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditUser, array('userId' => $userId));

    if (isset($_POST['send_data']) && !empty($_POST['password'])) {
        $stmt = exec_query('SELECT `admin_type` FROM `admin` WHERE `admin_id` = ?', $userId);

        switch ($stmt->fields['admin_type']) {
            case 'admin':
                $adminTypeLabel = tr('Administrator');
                break;
            case 'reseller':
                $adminTypeLabel = tr('Reseller');
                break;
            default:
                $adminTypeLabel = tr('Customer');
        }

        send_add_user_auto_msg($userId, $userName, $_POST['password'], $_POST['email'], $_POST['fname'], $_POST['lname'], $adminTypeLabel);
        set_page_message(tr('Login data successfully sent to %s.', $userName), 'success');
    }
}
/**
 * Build an instance of the called class from an associative array (e.g. $_POST).
 *
 * Unless $mode is "fetch", and when the class implements Validation, the
 * required fields and the per-field cleaning rules for $mode are fetched
 * first; a required field that is blank both in $arr and on the fresh object
 * records an error via add_error() and sets $o->VALID to false. Every key of
 * $arr is then cleaned — with the field's rule when one exists, otherwise with
 * "trim" + "notags" — and assigned as a property of the object.
 *
 * NOTE(review): this is mass assignment — every key present in $arr becomes a
 * property, whether or not the class declares it; callers passing request
 * data should make sure unexpected keys cannot reach sensitive properties.
 * NOTE(review): the required-field test uses !trim(...), which also treats the
 * value "0" as missing — confirm that is intended for numeric fields.
 *
 * @param array $arr Field values keyed by field name
 * @param string|bool $mode Passed to fetchRequiredFields()/fetchFieldRules(); "fetch" skips validation (the default false does not)
 * @return static The populated object
 */
public static function fromArray(array $arr, $mode = false)
{
    $klass = get_called_class();
    $o = new $klass();

    //if the class implements the Validation interface, fetch the required fields and field rules and enforce and required fields
    if ($mode != "fetch" && in_array('Validation', class_implements($o))) {
        $req_fields = $o->fetchRequiredFields($mode);
        $field_rules = $o->fetchFieldRules($mode);

        foreach ($req_fields as $field) {
            if (!isset($arr[$field]) || !trim($arr[$field])) {
                if (!isset($o->{$field}) || !trim($o->{$field})) {
                    // Turn e.g. 'first_name' into 'First Name' for the message
                    $field_split = explode("_", $field);

                    foreach ($field_split as $key => $field_segment) {
                        $field_split[$key] = ucwords($field_segment);
                    }

                    $field_text = implode(" ", $field_split);
                    add_error("<strong>" . $field_text . "</strong> is a required field. Please ensure you've provided a value.");
                    $o->VALID = false;
                }
            }
        }
    } else {
        //if Validation not implemented, no fields are considered required and basic string cleaning will be done
        $field_rules = false;
    }

    //Cleans and sets each field
    //foreach value in the array (likely $_POST), clean using the rules for that field, or if no rules defined do string cleaning
    foreach ($arr as $field => $value) {
        if ($field_rules && isset($field_rules[$field])) {
            /**
             * @todo Determine the best way to clean AND validate
             * ex: if the field is int, and 'abc' it the value, have it return an error message
             * will likely need to use filter_vars in place of clean_input
             */
            $cleaned = clean_input($arr[$field], $field_rules[$field]);
            $o->{$field} = $cleaned;
        } else {
            //if no cleaning rule specified, default to basic string cleaning
            $cleaned = clean_input($arr[$field], array("trim", "notags"));
            $o->{$field} = $cleaned;
        }
    }

    return $o;
}
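/**
 * Update SQL user password
 *
 * Validates the posted password and its confirmation, changes the password on
 * the SQL server (SET PASSWORD for MariaDB and MySQL < 5.7.6, ALTER USER
 * otherwise), mirrors it in `sql_user`, then redirects to sql_manage.php.
 *
 * NOTE(review): the password is stored as is in `sql_user`.`sqlu_pass` (see
 * the UPDATE below) — a schema-level concern not changed here.
 *
 * @param int $id Sql user id
 * @param string $user Sql user name
 * @param string $host SQL user host
 * @return void
 */
function client_updateSqlUserPassword($id, $user, $host)
{
    if (!isset($_POST['uaction'])) {
        return;
    }

    if (!isset($_POST['password']) || !isset($_POST['password_confirmation'])) {
        showBadRequestErrorPage();
        return;
    }

    $password = clean_input($_POST['password']);
    $passwordConf = clean_input($_POST['password_confirmation']);

    if ($password === '') {
        set_page_message(tr('Password cannot be empty.'), 'error');
        return;
    }

    if ($passwordConf === '') {
        set_page_message(tr('Please confirm the password.'), 'error');
        return;
    }

    if ($password !== $passwordConf) {
        set_page_message(tr('Passwords do not match.'), 'error');
        return;
    }

    if (!checkPasswordSyntax($password)) {
        return;
    }

    $config = iMSCP_Registry::get('config');
    $mysqlConfig = new iMSCP_Config_Handler_File($config['CONF_DIR'] . '/mysql/mysql.data');

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeEditSqlUser, array('sqlUserId' => $id));

    // Here we cannot use transaction due to statements that cause an implicit commit. Thus we execute
    // those statements first to let the i-MSCP database in clean state if one of them fails.
    // See https://dev.mysql.com/doc/refman/5.7/en/implicit-commit.html for more details

    // MariaDB detection: the configured server name is the haystack. The previous
    // call had the arguments swapped (strpos('mariadb', $config['SQL_SERVER'])) and
    // therefore only matched when SQL_SERVER was itself a substring of 'mariadb'.
    $isMariaDb = strpos($config['SQL_SERVER'], 'mariadb') !== false;

    // Update SQL user password in the mysql system tables
    if ($isMariaDb || version_compare($mysqlConfig['SQLD_VERSION'], '5.7.6', '<')) {
        exec_query('SET PASSWORD FOR ?@? = PASSWORD(?)', array($user, $host, $password));
    } else {
        exec_query('ALTER USER ?@? IDENTIFIED BY ? PASSWORD EXPIRE NEVER', array($user, $host, $password));
    }

    exec_query('UPDATE sql_user SET sqlu_pass = ? WHERE sqlu_name = ? AND sqlu_host = ?', array($password, $user, $host));

    set_page_message(tr('SQL user password successfully updated.'), 'success');
    write_log(sprintf('%s updated %s@%s SQL user password.', decode_idna($_SESSION['user_logged']), $user, $host), E_USER_NOTICE);

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterEditSqlUser, array('sqlUserId' => $id));

    redirectTo('sql_manage.php');
}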
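/**
 * Add SQL database
 *
 * Creates the database named in $_POST['db_name'] (optionally prefixed or
 * suffixed with the customer's main domain id) after checking length,
 * availability and the absence of wildcard characters, then records it in
 * `sql_database` and redirects to sql_manage.php.
 *
 * @param int $userId
 * @return void
 */
function client_addSqlDb($userId)
{
    if (!isset($_POST['uaction'])) {
        return;
    }

    if (!isset($_POST['db_name'])) {
        showBadRequestErrorPage();
        return;
    }

    $dbName = clean_input($_POST['db_name']);

    // Test the cleaned value (the raw one was tested before)
    if ($dbName === '') {
        set_page_message(tr('Please type database name.'), 'error');
        return;
    }

    $mainDmnId = get_user_domain_id($userId);

    if (isset($_POST['use_dmn_id']) && $_POST['use_dmn_id'] === 'on') {
        if (isset($_POST['id_pos']) && $_POST['id_pos'] === 'start') {
            $dbName = $mainDmnId . '_' . $dbName;
        } elseif (isset($_POST['id_pos']) && $_POST['id_pos'] === 'end') {
            $dbName = $dbName . '_' . $mainDmnId;
        }
    }

    if (strlen($dbName) > 64) {
        set_page_message(tr('Database name is too long.'), 'error');
        return;
    }

    if ($dbName === 'test' || client_isDatabase($dbName)) {
        set_page_message(tr('Database name is unavailable.'), 'error');
        return;
    }

    if (preg_match('/[%|\\?]+/', $dbName)) {
        // The placeholders were written as 's%', which the sprintf-style tr() used
        // elsewhere (e.g. 'Domain %s is unavailable.') cannot fill with the two arguments
        set_page_message(tr("Wildcards such as '%s' and '%s' are not allowed.", '%', '?'), 'error');
        return;
    }

    $responses = iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddSqlDb, array('dbName' => $dbName));

    if (!$responses->isStopped()) {
        // The name cannot be bound as a parameter, hence quoteIdentifier()
        execute_query(sprintf('CREATE DATABASE IF NOT EXISTS %s', quoteIdentifier($dbName)));
        exec_query('INSERT INTO sql_database (domain_id, sqld_name) VALUES (?, ?)', array($mainDmnId, $dbName));

        set_page_message(tr('SQL database successfully created.'), 'success');
        write_log(sprintf('%s added new SQL database: %s', decode_idna($_SESSION['user_logged']), $dbName), E_USER_NOTICE);

        iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddSqlDb, array('dbName' => $dbName));
    }

    redirectTo('sql_manage.php');
}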
/**
 * Add a user to the protected areas (htaccess) of a domain from the submitted form.
 *
 * Nothing happens unless uaction is 'add_user' and username, pass and pass_rep
 * were all posted. The username is validated, the password checked against the
 * configured policy and its repeat, then the user is inserted into
 * `htaccess_users` (unless that name already exists for the domain), the
 * daemon is notified and the browser is sent to the user list.
 *
 * @param object $tpl Template instance (not used by this function)
 * @param object $sql Database handle passed to exec_query()
 * @param int $dmn_id Domain id
 * @return void
 */
function padd_user($tpl, $sql, $dmn_id)
{
    $cfg = EasySCP_Registry::get('Config');

    $isAddRequest = isset($_POST['uaction']) && $_POST['uaction'] == 'add_user';
    $hasAllFields = isset($_POST['username']) && isset($_POST['pass']) && isset($_POST['pass_rep']);

    if (!$isAddRequest || !$hasAllFields) {
        return;
    }

    if (!validates_username($_POST['username'])) {
        set_page_message(tr('Wrong username!'), 'warning');
        return;
    }

    if (!chk_password($_POST['pass'])) {
        $policyMessage = $cfg->PASSWD_STRONG
            ? tr('The password must be at least %s chars long and contain letters and numbers to be valid.')
            : tr('Password data is shorter than %s signs or includes not permitted signs!');
        set_page_message(sprintf($policyMessage, $cfg->PASSWD_CHARS), 'warning');
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr('Passwords do not match!'), 'warning');
        return;
    }

    $status = $cfg->ITEM_ADD_STATUS;
    $uname = clean_input($_POST['username']);
    $upass = crypt_user_pass_with_salt($_POST['pass']);

    // Refuse a duplicate name within the same domain
    $query = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`uname` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $rs = exec_query($sql, $query, array($uname, $dmn_id));

    if ($rs->recordCount() != 0) {
        set_page_message(tr('User already exist !'), 'error');
        return;
    }

    $query = "\n\t\t\t\t\tINSERT INTO `htaccess_users`\n\t\t\t\t\t\t(`dmn_id`, `uname`, `upass`, `status`)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t(?, ?, ?, ?)\n\t\t\t\t";
    exec_query($sql, $query, array($dmn_id, $uname, $upass, $status));

    send_request('110 DOMAIN htaccess ' . $dmn_id);

    write_log($_SESSION['user_logged'] . ": add user (protected areas): {$uname}");
    user_goto('protected_user_manage.php');
}
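/**
 * Update the SSL configuration (key, certificate, CA certificate and status)
 * from the submitted form.
 *
 * The values are only stored when openssl_x509_check_private_key() confirms
 * that the certificate and the private key belong together; otherwise a
 * warning is shown and the failure is logged. In both cases the daemon is
 * notified and the user is sent back to the SSL configuration page.
 *
 * @return void
 */
function update_ssl_data()
{
    // Config object and its database-backed counterpart
    $cfg = EasySCP_Registry::get('Config');
    $db_cfg = EasySCP_Registry::get('Db_Config');
    $db_cfg->resetQueriesCounter('update');

    // NOTE(review): PEM material goes through the generic input cleaner;
    // presumably clean_input() leaves PEM content intact — verify.
    $sslkey = clean_input(filter_input(INPUT_POST, 'ssl_key'));
    $sslcert = clean_input(filter_input(INPUT_POST, 'ssl_cert'));
    $sslcacert = clean_input(filter_input(INPUT_POST, 'ssl_cacert'));
    $sslstatus = clean_input(filter_input(INPUT_POST, 'ssl_status'));

    if (openssl_x509_check_private_key($sslcert, $sslkey)) {
        $db_cfg->SSL_KEY = $sslkey;
        $db_cfg->SSL_CERT = $sslcert;
        $db_cfg->SSL_CACERT = $sslcacert;
        $db_cfg->SSL_STATUS = $sslstatus;
        $cfg->replaceWith($db_cfg);

        // Only the status is written to the flat configuration file.
        EasyConfig::Save(array('SSL_STATUS' => $sslstatus));

        write_log(get_session('user_logged') . ": Updated SSL configuration!");

        // The update counter tells whether any value actually changed.
        $update_count = $db_cfg->countQueries('update');

        if ($update_count == 0) {
            set_page_message(tr("SSL configuration unchanged"), 'info');
        } elseif ($update_count > 0) {
            set_page_message(tr('SSL configuration updated!'), 'success');
        }
    } else {
        // Level is lowercase to match the other set_page_message() callers.
        set_page_message(tr("SSL key/cert don't match"), 'warning');
        write_log(get_session('user_logged') . ": Update of SSL configuration failed!");
    }

    // NOTE(review): the daemon request is sent even when the key/cert check
    // failed and nothing was changed — confirm this is intended.
    send_request('110 DOMAIN master');
    user_goto('tools_config_ssl.php');
}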
/**
 * Update the personal data of an administrator account.
 *
 * Only acts when check_user_data() accepts the submitted form. Every field
 * except gender is passed through clean_input() before being bound to the
 * prepared UPDATE statement.
 *
 * @param mixed $sql Database connection handed to exec_query()
 * @param int $user_id Administrator unique identifier (admin_id)
 * @return void
 */
function update_admin_personal_data($sql, $user_id)
{
    if (!check_user_data()) {
        return;
    }

    // Order matches the placeholders of the UPDATE statement below.
    $cleanedFields = array(
        'fname', 'lname', 'firm', 'zip', 'city', 'state', 'country',
        'street1', 'street2', 'email', 'phone', 'fax',
    );

    $bindings = array();
    foreach ($cleanedFields as $field) {
        $bindings[] = clean_input($_POST[$field]);
    }

    // gender is bound as submitted (no clean_input) — presumably a fixed
    // select value; verify against the form.
    $bindings[] = $_POST['gender'];
    $bindings[] = $user_id;

    $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`fname` = ?,\n\t\t\t\t`lname` = ?,\n\t\t\t\t`firm` = ?,\n\t\t\t\t`zip` = ?,\n\t\t\t\t`city` = ?,\n\t\t\t\t`state` = ?,\n\t\t\t\t`country` = ?,\n\t\t\t\t`street1` = ?,\n\t\t\t\t`street2` = ?,\n\t\t\t\t`email` = ?,\n\t\t\t\t`phone` = ?,\n\t\t\t\t`fax` = ?,\n\t\t\t\t`gender` = ?\n\t\t\tWHERE\n\t\t\t\t`admin_id` = ?\n\t";
    exec_query($sql, $query, $bindings);

    set_page_message(tr('Personal data updated successfully!'), 'success');
}
/**
 * LcmCase constructor (PHP 4 style).
 *
 * Loads the case row when a positive id is given and resolves the stage
 * keyword id, then overlays any submitted request values and any form data
 * kept in the session (used for error reporting), stripping a leading
 * 'case_' from the keys. Finally date_assignment is derived from the session
 * form data for new cases, or when an assignment start date was submitted.
 *
 * @param int $id_case Case identifier; 0 (default) for a new case
 */
function LcmCase($id_case = 0)
{
    $id_case = intval($id_case);
    $this->fu_start_from = 0;
    $this->LcmObject();

    if ($id_case > 0) {
        // $id_case is an int at this point, so interpolating it is safe.
        $result = lcm_query("SELECT * FROM lcm_case WHERE id_case = {$id_case}");
        $row = lcm_fetch_array($result);

        if ($row) {
            foreach ($row as $column => $value) {
                $this->data[$column] = $value;
            }
        }

        // Resolve the stage name stored on the case to its keyword id.
        $stage = get_kw_from_name('stage', $this->getDataString('stage'));
        $this->data['id_stage'] = $stage['id_keyword'];
    }

    // Submitted values override the loaded row; 'case_xxx' keys map to 'xxx'.
    foreach ($_REQUEST as $requestKey => $unused) {
        $field = (substr($requestKey, 0, 5) === 'case_') ? substr($requestKey, 5) : $requestKey;
        $this->data[$field] = clean_input(_request($requestKey));
    }

    // Session form data (kept for error reporting) overrides both of the above.
    if (isset($_SESSION['form_data'])) {
        foreach ($_SESSION['form_data'] as $sessionKey => $unused) {
            $field = (substr($sessionKey, 0, 5) === 'case_') ? substr($sessionKey, 5) : $sessionKey;
            $this->data[$field] = clean_input(_session($sessionKey));
        }
    }

    // -1 is the sentinel meaning "no assignment start date submitted".
    $noDate = -1;
    $submittedStart = get_datetime_from_array($_SESSION['form_data'], 'assignment', 'start', $noDate);

    if (!$id_case || $submittedStart != $noDate) {
        $this->data['date_assignment'] = get_datetime_from_array(
            $_SESSION['form_data'], 'assignment', 'start', date('Y-m-d H:i:s')
        );
    }
}
/**
 * Update the personal data of a reseller account.
 *
 * Dispatches the onBeforeEditUser / onAfterEditUser events around the
 * UPDATE, passes every field except gender through clean_input(), shows a
 * success message and redirects to the profile page.
 *
 * @param int $user_id Reseller unique identifier (admin_id)
 * @return void
 */
function update_reseller_personal_data($user_id)
{
    iMSCP_Events_Aggregator::getInstance()->dispatch(
        iMSCP_Events::onBeforeEditUser,
        array('userId' => $user_id)
    );

    // Order matches the placeholders of the UPDATE statement below.
    $cleanedFields = array(
        'fname', 'lname', 'firm', 'zip', 'city', 'state', 'country',
        'email', 'phone', 'fax', 'street1', 'street2',
    );

    $bindings = array();
    foreach ($cleanedFields as $field) {
        $bindings[] = clean_input($_POST[$field]);
    }

    // gender is bound as submitted (no clean_input) — presumably a fixed
    // select value; verify against the form.
    $bindings[] = $_POST['gender'];
    $bindings[] = $user_id;

    $query = "\n\t\tUPDATE\n\t\t\t`admin`\n\t\tSET\n\t\t\t`fname` = ?,\n\t\t\t`lname` = ?,\n\t\t\t`firm` = ?,\n\t\t\t`zip` = ?,\n\t\t\t`city` = ?,\n\t\t\t`state` = ?,\n\t\t\t`country` = ?,\n\t\t\t`email` = ?,\n\t\t\t`phone` = ?,\n\t\t\t`fax` = ?,\n\t\t\t`street1` = ?,\n\t\t\t`street2` = ?,\n\t\t\t`gender` = ?\n\t\tWHERE\n\t\t\t`admin_id` = ?\n\t";
    exec_query($query, $bindings);

    iMSCP_Events_Aggregator::getInstance()->dispatch(
        iMSCP_Events::onAfterEditUser,
        array('userId' => $user_id)
    );

    set_page_message(tr('Personal data successfully updated.'), 'success');
    redirectTo('profile.php');
}
/**
 * Recursive function to clean all dimensions of the array and reorient it so that the parent for a particular item can be easily looked up.
 * $array is the array being cleaned, $count is the count of items in all the arrays for verification, $valid_ids holds the id #s that are permitted to
 * appear in the data, and when that id is happened upon the value at that location in the array is replaced with that id's parent in the new ordering.
 *
 * Each sub-array is expected to carry, at key 0, the id of the item that is the
 * parent of the nested arrays that follow it (or -1 for the root); the id is
 * cleaned in place, marked as found in $valid_ids and appended to $order.
 *
 * @param array $array     Nested array to clean; item ids are cleaned in place
 * @param int   $count     Running number of items placed into $order
 * @param array $valid_ids Map of id => array('found' => bool, 'old_url_suffix' => string)
 * @param array $order     Output: $count => array('id', 'parent', 'url')
 * @param int   $parent_id Id of the parent for items at this level (0 = root)
 * @param array $level_url Url suffixes accumulated from the root to this level
 * @return bool false as soon as an invalid, unknown or duplicate id is met, true otherwise
 */
function deep_clean_and_orient(&$array, &$count, &$valid_ids, &$order, $parent_id = 0, $level_url = array())
{
    // $item is a reference so that the cleaned id is written back into $array.
    // NOTE(review): the reference is not unset after the loop; a later write
    // to $item would alias the last element.
    foreach ($array as $key => &$item) {
        // Key 0 has an int item defining the parent for the next ones in the array.
        // NOTE(review): loose comparison — on PHP < 8 a non-numeric string key also
        // compares equal to 0 and would be treated as the parent id slot.
        if ($key == 0) {
            if ($item == -1) {
                // $root_found is local to this call and is not passed to the
                // recursive calls, so this duplicate-root check only sees roots
                // met within the current level — confirm that is intended.
                if (isset($root_found) && $root_found == true) {
                    return false;
                } else {
                    $root_found = true;
                }
                // Skip the root key as it has no meaning, parent_id will be 0.
                continue;
            }
            // Reject anything that is not numeric or cleans to a falsy value (e.g. 0).
            if (!is_numeric($item) || !($item = clean_input($item, array('trim', 'int')))) {
                return false;
            }
            // The id must be known and not yet seen: 'found' must be exactly false.
            if (isset($valid_ids[$item]) && $valid_ids[$item]['found'] === false) {
                // Mark as found so a second occurrence of the same id is rejected.
                $valid_ids[$item]['found'] = true;
                $level_url[] = $valid_ids[$item]['old_url_suffix'];
                $order[$count] = array("id" => $item, "parent" => $parent_id, "url" => $level_url);
                $count++;
                // Following items at this level are children of this id.
                $parent_id = $item;
            } else {
                return false;
            }
        } else {
            // Recursive call to clean all levels of the array; any failure propagates up.
            if (deep_clean_and_orient($item, $count, $valid_ids, $order, $parent_id, $level_url) === false) {
                return false;
            }
        }
    }
    return true; // If anything had gone wrong the function would have returned by now.
}
/**
 * Add Htaccess user.
 *
 * Handles the 'add_user' form submission: validates the username, checks the
 * password syntax, compares the password with its repetition and schedules
 * the user for addition unless one with the same name already exists for the
 * domain. Does nothing when the form was not submitted or a field is missing.
 *
 * @param int $domainId Domain unique identifier
 * @return void
 */
function client_addHtaccessUser($domainId)
{
    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'add_user') {
        return;
    }

    if (!isset($_POST['username'], $_POST['pass'], $_POST['pass_rep'])) {
        return;
    }

    // The raw username is validated; the value stored below is the cleaned one.
    if (!validates_username($_POST['username'])) {
        set_page_message(tr('Wrong username.'), 'error');
        return;
    }

    // checkPasswordSyntax() is expected to set its own page message on failure.
    if (!checkPasswordSyntax($_POST['pass'])) {
        return;
    }

    if ($_POST['pass'] !== $_POST['pass_rep']) {
        set_page_message(tr("Passwords do not match."), 'error');
        return;
    }

    $status = 'toadd';
    $uname = clean_input($_POST['username']);
    $upass = cryptPasswordWithSalt($_POST['pass'], generateRandomSalt(true));

    $lookup = "\n\t\t\t\tSELECT\n\t\t\t\t\t`id`\n\t\t\t\tFROM\n\t\t\t\t\t`htaccess_users`\n\t\t\t\tWHERE\n\t\t\t\t\t`uname` = ?\n\t\t\t\tAND\n\t\t\t\t\t`dmn_id` = ?\n\t\t\t";
    $rs = exec_query($lookup, array($uname, $domainId));

    if ($rs->rowCount() != 0) {
        set_page_message(tr('This htaccess user already exist.'), 'error');
        return;
    }

    $insert = "\n\t\t\t\t\tINSERT INTO `htaccess_users` (\n\t\t\t\t\t `dmn_id`, `uname`, `upass`, `status`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t ?, ?, ?, ?\n\t\t\t\t\t)\n\t\t\t\t";
    exec_query($insert, array($domainId, $uname, $upass, $status));

    // The daemon picks up the 'toadd' row and creates the user.
    send_request();

    set_page_message(tr('Htaccess user successfully scheduled for addition.'), 'success');

    $admin_login = $_SESSION['user_logged'];
    write_log("{$admin_login}: added new htaccess user: {$uname}", E_USER_NOTICE);
    redirectTo('protected_user_manage.php');
}
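/**
 * Credentials authentication handler.
 *
 * Reads the username and password from the login form, looks the account up
 * by name and verifies the password against the stored hash, accepting either
 * a legacy MD5 digest or a crypt() hash. Legacy hashes are re-encrypted with
 * cryptPasswordWithSalt() on a successful login. On success the event
 * propagation is stopped so later handlers do not run.
 *
 * Hash comparisons are strict and, where available, constant-time
 * (hash_equals()). The former loose `!=` comparison treats two hex digests
 * that both parse as numbers (e.g. digests of the form "0e" followed by
 * digits) as equal, which would accept a wrong password.
 *
 * @param iMSCP_Events_Event $event
 * @return iMSCP_Authentication_Result
 * @throws iMSCP_Exception_Database
 */
function login_credentials($event)
{
    $username = !empty($_POST['uname']) ? encode_idna(clean_input($_POST['uname'])) : '';
    $password = !empty($_POST['upass']) ? clean_input($_POST['upass']) : '';

    $message = array();
    if (empty($username)) {
        $message[] = tr('The username field is empty.');
    }
    if (empty($password)) {
        $message[] = tr('The password field is empty.');
    }

    if (!empty($message)) {
        // Both fields empty -> CREDENTIAL_EMPTY, otherwise CREDENTIAL_INVALID.
        return new iMSCP_Authentication_Result(
            count($message) == 2
                ? iMSCP_Authentication_Result::FAILURE_CREDENTIAL_EMPTY
                : iMSCP_Authentication_Result::FAILURE_CREDENTIAL_INVALID,
            null,
            $message
        );
    }

    $stmt = exec_query(
        'SELECT admin_id, admin_name, admin_pass, admin_type, email, created_by FROM admin WHERE admin_name = ?',
        $username
    );

    if (!$stmt->rowCount()) {
        // NOTE(review): a distinct result code and message for an unknown
        // username lets a client tell valid usernames from invalid ones.
        return new iMSCP_Authentication_Result(
            iMSCP_Authentication_Result::FAILURE_IDENTITY_NOT_FOUND,
            null,
            tr('Unknown username.')
        );
    }

    $identity = $stmt->fetchRow(PDO::FETCH_OBJ);
    $dbPassword = (string) $identity->admin_pass;

    // Candidates: legacy MD5 digest, or crypt() using the stored hash as salt.
    $md5Candidate = md5($password);
    $cryptCandidate = (string) crypt($password, $dbPassword);

    if (function_exists('hash_equals')) {
        $passwordMatches = hash_equals($dbPassword, $md5Candidate)
            || hash_equals($dbPassword, $cryptCandidate);
    } else {
        // Strict comparison still avoids the numeric-string pitfall of `==`.
        $passwordMatches = $dbPassword === $md5Candidate || $dbPassword === $cryptCandidate;
    }

    if (!$passwordMatches) {
        return new iMSCP_Authentication_Result(
            iMSCP_Authentication_Result::FAILURE_CREDENTIAL_INVALID,
            null,
            tr('Bad password.')
        );
    }

    if (strpos($dbPassword, '$') !== 0) {
        // Not a crypt() hash: re-encrypt now that the clear-text password is known.
        exec_query(
            'UPDATE admin SET admin_pass = ? WHERE admin_id = ?',
            array(cryptPasswordWithSalt($password), $identity->admin_id)
        );
        write_log(
            sprintf('Info: Password for user %s has been re-encrypted using the best available algorithm', $identity->admin_name),
            E_USER_NOTICE
        );
    }

    $result = new iMSCP_Authentication_Result(iMSCP_Authentication_Result::SUCCESS, $identity);
    $event->stopPropagation();

    return $result;
}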
* @copyright Copyright 2011 Queen's University. All Rights Reserved. * */ if (!defined("PARENT_INCLUDED") || !defined("IN_AAMC_CI")) { exit; } elseif (!isset($_SESSION["isAuthorized"]) || !$_SESSION["isAuthorized"]) { header("Location: " . ENTRADA_URL); exit; } elseif (!$ENTRADA_ACL->amIAllowed("report", "read", false)) { $ONLOAD[] = "setTimeout('window.location=\\'" . ENTRADA_URL . "/admin/" . $MODULE . "\\'', 15000)"; add_error("Your account does not have the permissions required to use this feature of this module.<br /><br />If you believe you are receiving this message in error please contact <a href=\"mailto:" . html_encode($AGENT_CONTACTS["administrator"]["email"]) . "\">" . html_encode($AGENT_CONTACTS["administrator"]["name"]) . "</a> for assistance."); echo display_error(); application_log("error", "Group [" . $_SESSION["permissions"][$ENTRADA_USER->getAccessId()]["group"] . "] and role [" . $_SESSION["permissions"][$ENTRADA_USER->getAccessId()]["role"] . "] does not have access to this module [" . $MODULE . "]"); } else { if ($router && $router->initRoute()) { if (isset($_GET["id"]) && ($tmp_input = clean_input($_GET["id"], "int"))) { $REPORT_ID = $tmp_input; } if ($REPORT_ID) { $query = "SELECT * FROM `reports_aamc_ci` WHERE `raci_id` = " . $db->qstr($REPORT_ID) . " AND `organisation_id` = " . $db->qstr($ENTRADA_USER->getActiveOrganisation()); $REPORT = $db->GetRow($query); if ($REPORT) { $SHORT_REPORT_TITLE = date("Y", $REPORT["report_start"]) . "-" . date("Y", $REPORT["report_finish"]) . " Curriculum"; $BREADCRUMB[] = array("url" => ENTRADA_URL . "/admin/reports/aamc/manage?id=" . $REPORT_ID, "title" => $SHORT_REPORT_TITLE); $sidebar_html = "<ul class=\"menu\">"; $sidebar_html .= "\t<li class=\"link\"><a href=\"" . ENTRADA_URL . "/admin/reports/aamc/manage/edit?id=" . $REPORT_ID . 
"\">Edit Report</a></li>\n"; $sidebar_html .= "</ul>"; new_sidebar_item($SHORT_REPORT_TITLE, $sidebar_html, "aamc-report", "open"); $module_file = $router->getRoute(); if ($module_file) { require_once $module_file;