<?php if (!isset($_index_rights)) { header("Location: " . getUrl() . "admin"); } $Logs = new cLogs("adduser.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); global $DB; if (isset($_POST['add_user'])) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); $Check->check('name', 'strlen($test)>0 && strlen($test)<101', 'The name is required with max 100 symbols including whitespaces!'); $Check->check('surname', 'strlen($test)>0 && strlen($test)<101', 'The surname is required with max 100 symbols including whitespaces!'); $Check->check('role', 'is_numeric($test)', 'The role is required!'); /// max. 50 symbols /// $loginPat = '/^[a-zA-Z0-9_-]{1,50}$/'; if ($Check->check('login', 'preg_match("' . $loginPat . '",$test)', 'The login must be without whitespaces and diacritical marks and max. 50 symbols!')) { /// check if login already exists /// $Check->check('login', '$test==false', 'This login already exists!', admin_userLoginExists($_POST['login'])); } $passwPat = '/^[a-zA-Z0-9_-]{1,50}$/'; if ($Check->check('password', 'strlen($test)>5 && strlen($test)<51', 'The password must have at least 6 symbols and max. 50, without diacritical marks and whitespaces!', $_POST['passw'])) { $Check->check('password', '$test==true', 'Verification of password is not correct!', $_POST['passw'] == $_POST['passw_ver']); } $Logs->addLog($Check->isValid(), 'add new one valid'); if (!$Check->isValid()) { foreach ($Check->getErrors() as $k => $error) {
if (!isset($_index_rights)) { header("Location: " . getUrl() . "admin"); } $Logs = new cLogs("addcapability.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); global $DB; if (isset($_POST['add_capab'])) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); $namePat = '/^[a-zA-Z0-9_-]{1,50}$/'; if ($Check->check('name', 'preg_match("' . $namePat . '",$test)', 'The NAME must be without whitespaces and diacritical marks and max. 50 symbols!')) { $Check->check('name', '$test==false', 'This capability already exists!', admin_capabExists($_POST['name'])); } $Check->check('description', 'strlen($test) > 0 && strlen($test) < 266', 'The description of capability is required with max length 255 symbols!'); $Logs->addLog($Check->isValid(), 'add new one valid'); if (!$Check->isValid()) { foreach ($Check->getErrors() as $k => $error) { $aErrors[] = admin_getErrorToPrint($k, $error); } } else { try { $aVals = array(); $aVals[] = array('name', $_POST['name']); $aVals[] = array('description', $_POST['description']); /// insert values /// if (!$DB->insert('core_capabilities', $aVals)) {
if (!isset($_index_rights)) { header("Location: " . getUrl() . "admin"); } $Logs = new cLogs("addrole.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); global $DB; if (isset($_POST['add_role'])) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); /// max. 100 symbols /// if ($Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name of role must be max. 100 symbols!')) { /// check if name already exists /// $Check->check('name', '$test==false', 'The name of role already exists!', admin_roleExists($_POST['name'])); } $Check->check('description', '$test != "" && strlen($test) <= 255', 'Description of role is required; with a maximum length 255!'); $Check->check('parentid', 'is_numeric($test) || $test=="null"', 'The parent role is in wrong type'); $Check->check('sort', 'is_numeric($test) || strlen($test)==0', 'The parent role is in wrong type'); $Logs->addLog($Check->isValid(), 'add new one valid'); if (!$Check->isValid()) { foreach ($Check->getErrors() as $k => $error) { $aErrors[] = admin_getErrorToPrint($k, $error); } } else { try { $aVals = array(); $aVals[] = array('name', $_POST['name']);
function _updateCapabilities() { global $DB; global $_aErrors; global $_aAlerts; $Check = new cCheckForm(); $colsToDb = array(array('capability', false), array('role', false)); $dataToDb = array(); foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); $aDat = explode('_', $k, 3); /// post data with values for core_role_capability /// if ($aDat[0] == "caprole" && count($aDat) == 3) { $Check->check('cap', 'is_numeric($test)', 'The id of capability is in wrong type', $aDat[1]); $Check->check('role', 'is_numeric($test)', 'The id of role is in wrong type', $aDat[2]); $dataToDb[] = array($aDat[1], $aDat[2]); } } //$Logs->addLog($Check->isValid(), 'valid'); try { if (!$Check->isValid()) { foreach ($Check->getErrors() as $k => $error) { $_aErrors[] = implode("(<strong>{$k}</strong>)<br />", $error['msg']) . "(<strong>{$k}</strong>)"; } throw new cException("Form is not valid!"); } /// make backup of original table /// if (!$DB->createCopyOfTable('core_role_capability', 'core_role_capability_back')) { throw new cException("Some error during backup operation of old data!"); } /// empty original table /// if (!$DB->truncateTable('core_role_capability')) { /// drop backup table /// $DB->dropTable('core_role_capability_back'); throw new cException("Some error during insert operation!"); } /// insert new values to original table /// if (!$DB->insertMore('core_role_capability', $colsToDb, $dataToDb)) { /// copy data from backup to original table /// $DB->createCopyOfTable('core_role_capability_bak', 'core_role_capability'); throw new cException("Some error during insert operation!"); } /// empty backup table /// $DB->dropTable('core_role_capability_back'); $_aAlerts[] = "Capabilities were updated."; } catch (cException $e) { $msg = $e->getDbMessageError(__METHOD__ . '(line:' . __LINE__ . ')', $query); $_aErrors[] = $msg; cLogsDb::addFileLog($msg); } }
} else { $aErrors[] = "Template wasn't added."; } $Logs->addLog($result, 'new template RESULT'); } /// POST data to insert new page are sent /// if (isset($_POST['add_page'])) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); $namePat = '/^([a-z]+[a-z0-9_-]+){1,50}$/'; $titlePat = '/^([a-z]+[a-z0-9_-]+){1,100}$/'; /// existing templates wasn't selected /// if ($_POST['temp'] == 'null') { if ($Check->check('newtemp', 'preg_match("' . $namePat . '",$test)', 'The name of TEMPLATE must be in lowercase letters, starts with a letter and without whitespaces and diacritical marks and max. 50 symbols! (e.g.: newhomepage or new_home-page1')) { $Check->check('newtemp', '$test==false', 'The name of TEMPLATES already exists!', admin_tempExists($_POST['newtemp'])); } } if ($Check->check('page', 'preg_match("' . $namePat . '",$test)', 'The name of PAGE must be in lowercase letters, starts with a letter and without whitespaces and diacritical marks and max. 50 symbols! (e.g.: newhomepage or new_home-page1')) { $Check->check('page', '$test==false', 'The name of PAGE already exists!', admin_pageExists($_POST['page'])); } $bTitle = false; foreach ($_POST as $k => $v) { if (substr($k, 0, 3) == 'lng') { /// max 100 symbols /// $Check->check('title' . substr($k, 3), 'strlen($test) > 0 && strlen($test) < 101', 'Title of PAGE' . strtoupper(substr($k, 3)) . ' is required with max. 100 symbols!'); $bTitle = true; } } $Check->check('page_title', '$test == true', 'Title of PAGE is required!', $bTitle);
return $bPage && count($bPageLng); } ########################################################################################## ###################################### code ############################################## $Logs = new cLogs("editpage.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); /// POST data to insert new page are sent /// if (isset($_POST['submit']) && (isset($_POST['pageid']) && is_numeric($_POST['pageid']))) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); /// existing templates wasn't selected /// $Check->check('temp', '$test !== "null"', 'TEMPLATE is required!'); $bTitle = false; foreach ($_POST as $k => $v) { if (substr($k, 0, 3) == 'lng') { $Check->check('title' . substr($k, 3), 'strlen($test)>0', 'Title of PAGE' . strtoupper(substr($k, 3)) . ' is required!'); $bTitle = true; } } $Check->check('page_title', '$test == true', 'Title of PAGE is required!', $bTitle); $Logs->addLog($Check->isValid(), 'valid'); //$Logs->addLog($Check->getErrors(),'errors'); if (!$Check->isValid()) { foreach ($Check->getErrors() as $k => $error) { $aErrors[] = admin_getErrorToPrint($k, $error); } $result = false;
<?php if (!isset($_index_rights) || !isset($_GET['id'])) { header("Location: " . getUrl() . "admin"); } $Logs = new cLogs("editroles.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); global $DB; if (isset($_POST['update_role'])) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); $Check->check('General', 'is_numeric($test) && ' . ($_POST['roleid'] == $_GET['id']), 'There is no correct role!', $_POST['roleid']); if ($Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name of role must be max. 100 symbols!')) { /// check if name already exists /// if ($exists = admin_roleExists($_POST['name'])) { $Logs->addLog($exists, 'role EXISTS'); $exists = !($exists['id'] == $_POST['roleid']); } $Logs->addLog($exists, 'role EXISTS'); $Check->check('name', '$test==false', 'The name of role already exists!', $exists); } $Check->check('description', '$test != "" && strlen($test) <= 255', 'Description of role is required; with a maximum length 255!'); $Check->check('parentid', 'is_numeric($test) || $test=="null"', 'The parent role is in wrong type'); $Check->check('sort', 'is_numeric($test) || strlen($test)==0', 'The parent role is in wrong type'); $Logs->addLog($Check->isValid(), 'form valid'); if (!$Check->isValid()) { foreach ($Check->getErrors() as $k => $error) {
if (!isset($_index_rights) || !isset($_GET['id'])) { header("Location: " . getUrl() . "admin"); } ########################################################################################## ###################################### code ############################################## $Logs = new cLogs("edittemplate.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); global $DB; if (isset($_POST['submit']) && (isset($_POST['tempid']) && is_numeric($_POST['tempid']))) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $Check = new cCheckForm(); $Check->check('js', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in JS field!'); $Check->check('css', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in CSS field!'); $Logs->addLog($Check->isValid(), 'valid'); //$Logs->addLog($Check->getErrors(),'errors'); if (!$Check->isValid()) { foreach ($Check->getErrors() as $k => $error) { $aErrors[] = admin_getErrorToPrint($k, $error); } } else { if ($_POST['parent_temp'] != 'null') { $aVals[] = array('parentid', intval($_POST['parent_temp']), false); } else { $aVals[] = array('parentid', 'NULL', false); } $aVals[] = array('js', $_POST['js']); $aVals[] = array('css', $_POST['css']);
if (!isset($_index_rights) || !isset($_GET['id'])) { header("Location: " . getUrl() . "admin"); } $Logs = new cLogs("editroles.php"); $Logs->on(); $aErrors = array(); $aAlerts = array(); global $DB; if (isset($_POST['update_user'])) { foreach ($_POST as $k => $v) { $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v)); } $aVals = array(); $Check = new cCheckForm(); $Check->check('General', 'is_numeric($test) && ' . ($_POST['userid'] == $_GET['id']), 'There is no correct user!', $_POST['userid']); $Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name must be max. 100 symbols!'); $Check->check('surname', 'strlen($test) > 0 && strlen($test) < 101', 'The surname must be max. 100 symbols!'); $Check->check('role', 'is_numeric($test)', 'The role is in wrong format!'); /// change login /// if (strlen($_POST['login'])) { /// max. 50 symbols /// $loginPat = '/^[a-zA-Z0-9_-]{1,50}$/'; if ($Check->check('login', 'preg_match("' . $loginPat . '",$test)', 'The login must be without whitespaces and diacritical marks and max. 50 symbols!')) { /// check if login already exists /// if ($exists = admin_roleExists($_POST['login'])) { $Logs->addLog($exists, 'user login EXISTS'); $exists = !($exists['id'] == $_POST['userid']); } $Logs->addLog($exists, 'user login EXISTS'); $Check->check('login', '$test==false', 'This login already exists!', $exists);