# variable settings
$path = GSDATAOTHERPATH;
$file = GSWEBSITEFILE;
$theme_options = '';
# was the form submitted?
if (isset($_POST['submitted']) && isset($_POST['template'])) {
check_for_csrf("activate");
# get passed value from form
$newTemplate = var_in($_POST['template']);
if (!path_is_safe(GSTHEMESPATH . $newTemplate, GSTHEMESPATH)) {
die;
}
# backup old GSWEBSITEFILE (website.xml) file
$bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH);
// backups/other/
createBak($file, $path, $bakpath);
# udpate GSWEBSITEFILE (website.xml) file with new theme
$xml = new SimpleXMLExtended('<item></item>');
$note = $xml->addChild('SITENAME');
$note->addCData($SITENAME);
$note = $xml->addChild('SITEURL');
$note->addCData($SITEURL);
$note = $xml->addChild('TEMPLATE');
$note->addCData($newTemplate);
$xml->addChild('PRETTYURLS', $PRETTYURLS);
$xml->addChild('PERMALINK', $PERMALINK);
XMLsave($xml, $path . $file);
$success = i18n_r('THEME_CHANGED');
$TEMPLATE = $newTemplate;
// set new global
}
} else {
$err .= i18n_r('USERNAME_ERROR') . '<br />';
}
if (!check_email_address($_POST['email'])) {
$err .= i18n_r('EMAIL_ERROR') . '<br />';
} else {
$EMAIL = $_POST['email'];
}
# if there were no errors, continue setting up the site
if ($err == '') {
# create new password
$random = createRandomPassword();
$PASSWD = passhash($random);
# create user xml file
$file = _id($USR) . '.xml';
createBak($file, GSUSERSPATH, GSBACKUSERSPATH);
$xml = new SimpleXMLElement('<item></item>');
$xml->addChild('USR', $USR);
$xml->addChild('PWD', $PASSWD);
$xml->addChild('EMAIL', $EMAIL);
$xml->addChild('HTMLEDITOR', '1');
$xml->addChild('TIMEZONE', $TIMEZONE);
$xml->addChild('LANG', $LANG);
if (!XMLsave($xml, GSUSERSPATH . $file)) {
$kill = i18n_r('CHMOD_ERROR');
}
# create password change trigger file
$flagfile = GSUSERSPATH . _id($USR) . ".xml.reset";
copy(GSUSERSPATH . $file, $flagfile);
# create new website.xml file
$file = 'website.xml';
unlink(GSUSERSPATH . _id($USR) . '.xml.reset');
}
$xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');
$xml->addChild('USR', $USR);
$xml->addChild('NAME', var_out($NAME));
$xml->addChild('PWD', $PASSWD);
$xml->addChild('EMAIL', var_out($EMAIL, 'email'));
$xml->addChild('HTMLEDITOR', $HTMLEDITOR);
$xml->addChild('TIMEZONE', $TIMEZONE);
$xml->addChild('LANG', $LANG);
exec_action('settings-user');
if (!XMLsave($xml, GSUSERSPATH . $file)) {
$error = i18n_r('CHMOD_ERROR');
}
# create website xml file
createBak($wfile, GSDATAOTHERPATH, GSBACKUPSPATH . 'other/');
$xmls = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');
$note = $xmls->addChild('SITENAME');
$note->addCData($SITENAME);
$note = $xmls->addChild('SITEURL');
$note->addCData($SITEURL);
$note = $xmls->addChild('TEMPLATE');
$note->addCData($TEMPLATE);
$xmls->addChild('PRETTYURLS', $PRETTYURLS);
$xmls->addChild('PERMALINK', var_out($PERMALINK));
exec_action('settings-website');
if (!XMLsave($xmls, GSDATAOTHERPATH . $wfile)) {
$error = i18n_r('CHMOD_ERROR');
}
# see new language file immediately
include GSLANGPATH . $LANG . '.php';
$SITEEMAIL = var_in($_POST['email'], 'email');
}
if (isset($_POST['timezone'])) {
$SITETIMEZONE = var_in($_POST['timezone']);
}
if (isset($_POST['lang'])) {
$SITELANG = var_in($_POST['lang']);
}
// check valid lang files
if (!in_array($LANG . '.php', $lang_array) and !in_array($LANG . '.PHP', $lang_array)) {
die;
}
# create website xml file
$bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH);
// backups/other/
createBak(GSWEBSITEFILE, GSDATAOTHERPATH, $bakpath);
$xmls = new SimpleXMLExtended('<item></item>');
$note = $xmls->addChild('SITENAME');
$note->addCData($SITENAME);
$note = $xmls->addChild('SITEURL');
$note->addCData($SITEURL);
$note = $xmls->addChild('TEMPLATE');
$note->addCData($TEMPLATE);
$xmls->addChild('PRETTYURLS', $PRETTYURLS);
$xmls->addChild('PERMALINK', $PERMALINK);
$xmls->addChild('EMAIL', $SITEEMAIL);
$xmls->addChild('TIMEZONE', $TIMEZONE);
$xmls->addChild('LANG', $LANG);
$xmls->addChild('SITEUSR', $SITEUSR);
exec_action('settings-website');
if (!XMLsave($xmls, GSDATAOTHERPATH . GSWEBSITEFILE)) {
public function mmAddUser()
{
//Set User File, Username, And Password From Submission
$usrfile = strtolower($_POST['usernamec']);
$usrfile = $usrfile . '.xml';
$NUSR = strtolower($_POST['usernamec']);
$pwd1 = $_POST['userpassword'];
$NPASSWD = passhash($pwd1);
// create user xml file - This coding was mostly taken from the 'settings.php' page..
createBak($usrfile, GSUSERSPATH, GSBACKUSERSPATH);
if (file_exists(GSUSERSPATH . _id($NUSR) . '.xml.reset')) {
unlink(GSUSERSPATH . _id($NUSR) . '.xml.reset');
}
$xml = new SimpleXMLExtended('<item></item>');
$xml->addChild('USR', $NUSR);
$xml->addChild('PWD', $NPASSWD);
$xml->addChild('EMAIL', $_POST['useremail']);
$xml->addChild('HTMLEDITOR', $_POST['usereditor']);
$xml->addChild('TIMEZONE', $_POST['ntimezone']);
$xml->addChild('LANG', $_POST['userlng']);
$xml->addChild('USERSNAME', $_POST['users_name']);
$userbio = $xml->addChild('USERSBIO');
$userbio->addCData($_POST['users_bio']);
$perm = $xml->addChild('PERMISSIONS');
$perm->addChild('PAGES', $_POST['Pages']);
$perm->addChild('FILES', $_POST['Files']);
$perm->addChild('THEME', $_POST['Theme']);
$perm->addChild('PLUGINS', $_POST['Plugins']);
$perm->addChild('BACKUPS', $_POST['Backups']);
$perm->addChild('SETTINGS', $_POST['Settings']);
$perm->addChild('SUPPORT', $_POST['Support']);
$perm->addChild('EDIT', $_POST['Edit']);
$perm->addChild('LANDING', $_POST['Landing']);
$perm->addChild('ADMIN', $_POST['Admin']);
save_custom_permissions();
if (!XMLsave($xml, GSUSERSPATH . $usrfile)) {
$error = i18n_r('CHMOD_ERROR');
} else {
print '<div class="updated" style="display: block;">' . $NUSR . ' ' . i18n_r('user-managment/CREATED') . '</div>';
}
//Show Manage Form
mmManageUsersForm();
}
private static function gscsBackup()
{
$bakpath = GSBACKUPSPATH . 'other/custom_settings/';
if (!file_exists($bakpath)) {
mkdir($bakpath);
}
$csfiles = array_diff(scandir(GSDATAOTHERPATH . 'custom_settings'), array('.', '..', '.htaccess'));
foreach ($csfiles as $csfile) {
createBak($csfile, GSDATAOTHERPATH . 'custom_settings/', $bakpath);
}
}
$data = getXML(GSDATAOTHERPATH . $file);
$USR = $data->USR;
$EMAIL = $data->EMAIL;
}
if (isset($_POST['submitted'])) {
$nonce = $_POST['nonce'];
if (!check_nonce($nonce, "reset_password")) {
die("CSRF detected!");
}
if (isset($_POST['email'])) {
if ($_POST['email'] == $EMAIL) {
// create new random password
$random = createRandomPassword();
// create new users.xml file
$bakpath = GSBACKUPSPATH . "other/";
createBak($file, GSDATAOTHERPATH, $bakpath);
$flagfile = GSBACKUPSPATH . "other/user.xml.reset";
copy(GSDATAOTHERPATH . $file, $flagfile);
$xml = @new SimpleXMLElement('<item></item>');
$xml->addChild('USR', @$USR);
$xml->addChild('PWD', passhash($random));
$xml->addChild('EMAIL', @$EMAIL);
XMLsave($xml, GSDATAOTHERPATH . $file);
// send the email with the new password
$subject = $site_full_name . ' ' . $i18n['RESET_PASSWORD'] . ' ' . $i18n['ATTEMPT'];
$message = "'" . cl($SITENAME) . "' " . $i18n['RESET_PASSWORD'] . " " . $i18n['ATTEMPT'];
$message .= '<br>-------------------------------------------------------<br>';
$message .= "<br>" . $i18n['LABEL_USERNAME'] . ": " . $USR;
$message .= "<br>" . $i18n['NEW_PASSWORD'] . ": " . $random;
$message .= '<br><br>' . $i18n['EMAIL_LOGIN'] . ': <a href="' . $SITEURL . 'admin/">' . $SITEURL . 'admin/</a>';
exec_action('resetpw-success');
