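/**
 * Validate the current admin session and extend its lifetime.
 *
 * Two checks run on every call:
 *  1. The MD5 of the User-Agent header is pinned in the session on first use;
 *     a later request carrying a different agent tears the session down.
 *  2. If an expiry timestamp is stored and an admin password is present in the
 *     session, an expiry in the past tears the session down.
 * On either failure the session cookie is expired, the session is destroyed,
 * the browser is redirected to the admin root and the script exits. Otherwise
 * the expiry is pushed to one hour from now (sliding timeout).
 *
 * The User-Agent is fully client-controlled, so the pin only catches a session
 * cookie replayed from a different browser; it is not an authentication factor.
 *
 * @return void
 */
function admin_check_session()
{
    global $config;

    $now = time();
    $failure = null; // array(title, text) once a check has failed

    // A request without the header is hashed as an empty string instead of
    // reading an undefined index.
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
    $ua = md5($agent);

    if (!isset($_SESSION['_amember_ua'])) {
        $_SESSION['_amember_ua'] = $ua;
    } elseif ($_SESSION['_amember_ua'] !== $ua) {
        // Strict comparison on purpose: with != two digests that both look like
        // "0e<digits>" are compared as numbers and treated as equal.
        $failure = array(
            "Browser Agent Changed - Session destroyed",
            "Browser Agent Changed - Session destroyed",
        );
    }

    // Expiry is only enforced once an admin password is held in the session.
    if ($failure === null
        && isset($_SESSION['_amember_sess_expires'])
        && isset($_SESSION['_admin_pass'])
        && $_SESSION['_amember_sess_expires'] < $now
    ) {
        $failure = array(
            "Admin session expired",
            "Admin session expired, please login again",
        );
    }

    if ($failure !== null) {
        if (isset($_COOKIE[session_name()])) {
            // Expire the cookie with the path/domain it was issued for; a
            // hard-coded "/" does not remove a cookie set for another path.
            $cookie = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $cookie['path'], $cookie['domain']);
        }
        session_destroy();
        admin_html_redirect($config['root_url'] . '/admin/', $failure[0], $failure[1], true);
        exit;
    }

    // Sliding timeout: every successful check grants another hour.
    $_SESSION['_amember_sess_expires'] = $now + 3600;
}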
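/**
 * Remove protection from a folder: delete the protection files that were
 * written into it, drop its row from the folders table and log the action.
 *
 * Always terminates the script: either through die() when the folder id is
 * unknown, or through exit after the result page / redirect has been emitted.
 *
 * @param array $vars request variables; 'folder_id' selects the folder
 * @return void
 */
function unprotect_folder($vars)
{
    global $db;

    $folders = get_folders();

    // Only a scalar id is usable as an array key; anything else is "not found".
    $requested_id = (isset($vars['folder_id']) && is_scalar($vars['folder_id']))
        ? (string) $vars['folder_id']
        : '';
    $folder = isset($folders[$requested_id]) ? $folders[$requested_id] : null;
    if (!$folder) {
        // The id comes from the request, so it is escaped before being echoed.
        die("Folder not found: " . htmlspecialchars($requested_id, ENT_QUOTES));
    }

    $errs = 0;
    $err = array();

    if (is_dir($folder['path'])) {
        $protection_files = (isset($folder['files_content']) && is_array($folder['files_content']))
            ? $folder['files_content']
            : array();
        foreach ($protection_files as $fname => $content) {
            $f = "{$folder['path']}/{$fname}";
            if (!is_file($f)) {
                continue;
            }
            if (!unlink($f)) {
                $errs++;
                $err[] = "File {$f} couldn't be removed - please remove it manually";
            }
        }
    } else {
        print "Folder " . htmlspecialchars($folder['path'], ENT_QUOTES)
            . " seems to be removed...skipping protection removing step<br />";
    }

    // The id is forced to an integer before it reaches the SQL text, so the
    // DELETE cannot be widened through the request parameter.
    $folder_id = intval($requested_id);
    $db->query("DELETE FROM {$db->config['prefix']}folders\n WHERE folder_id={$folder_id}\n ");

    // The original log line interpolated two variables that were never set.
    // 'path' is read above; NOTE(review): 'method' is presumed to be a key of
    // the folder record - confirm against get_folders().
    $path = $folder['path'];
    $method = isset($folder['method']) ? $folder['method'] : '';
    admin_log("Folder protection removed ({$path}) - {$method}", "folders", $folder_id);

    if ($errs) {
        print "<font color=red><b>";
        print "Protection has removed, but some errors happened - please follow our recommenendations to fix:<br />";
        foreach ($err as $e) {
            print "<li>" . htmlspecialchars($e, ENT_QUOTES);
        }
        print "<br /><br />after fixing all problems listed above, click <a href='protect.php'>here</a>";
    } else {
        admin_html_redirect("protect.php?added=ok", "Folder un-protected", "Protection has been removed from the folder");
    }
    exit;
}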
} break; case 'add_save': if (!$_POST['action']) { die("POST request expected"); } check_demo(); if ($err = validate_form($vars)) { admins_add_form($err); } elseif ($err = add_admin($vars)) { admins_add_form($err); } else { admin_html_redirect("admins.php", $title = 'Admin record added', $text = 'Admin record added'); } break; case 'edit_save': if (!$_POST['action']) { die("POST request expected"); } check_demo(); if ($err = validate_form($vars)) { admins_edit_form($err); } elseif ($err = edit_admin($vars)) { admins_edit_form($err); } else { admin_html_redirect("admins.php", $title = 'Admin record updated', $text = 'Admin record updated'); } break; default: admins_list(); }
$r['pass0'] = $r['pass']; $member_id = $db->add_pending_user($r); if ($r['product_id']) { $pm = array('product_id' => $r['product_id'], 'begin_date' => $r['begin_date'], 'expire_date' => $r['expire_date'], 'paysys_id' => $r['paysys_id'], 'amount' => 0, 'receipt_id' => $r['receipt_id'], 'member_id' => $member_id, 'completed' => $r['is_completed']); $db->add_payment($pm); } $total_added++; } fclose($f); } /////////////// MAIN ////////////////////// $import_filename = $config['root_dir'] . "/admin/imp.csv"; $vars = get_input_vars(); switch ($vars['action']) { case 'do_import': admin_html_redirect("import_f.php?action=do_real_import", $title = 'Import...', $text = 'Import processing may take some time, please be patient'); break; case 'do_real_import': $vars = $_SESSION['import_vars']; check_demo(); do_import(); print "<br /><strong>Import finsihed. {$total_added} records added</strong><br />\n Please don't forget to remove import file amember/admin/imp.csv"; break; case 'upload': check_demo(); if ($lines = get_first_lines(20)) { display_confirm($lines); $_SESSION['import_vars'] = $vars; break; } case 'check_form':
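/**
 * Archive and/or send the broadcast e-mail prepared in the session.
 *
 * With to_archive=1 the message is stored in the newsletter archive table.
 * With to_send=1 one page of 50 recipients is mailed per call and the browser
 * is redirected to the next page until no recipients are left; attachments and
 * the session state are cleaned up on the last page. Without to_send the
 * session state is dropped and the browser returns to email.php.
 *
 * @return void
 */
function send_mails()
{
    global $t, $config, $db, $vars;

    $sess_vars = $_SESSION['amember_send_mails'];

    // count()/implode() need an array; a missing or malformed thread list is
    // treated as "no newsletter threads".
    $thread_ids = (isset($sess_vars['newsletter_thread']) && is_array($sess_vars['newsletter_thread']))
        ? $sess_vars['newsletter_thread']
        : array();

    if (isset($vars['to_archive']) && $vars['to_archive'] == '1') {
        // add a message to archive
        $threads = "";
        if (count($thread_ids) > 0) {
            $threads = "," . implode(",", $thread_ids) . ",";
        }

        // NOTE(review): no recipient exists in this branch; the original passed
        // an undefined $user to the template helpers. null keeps that value
        // without the undefined-variable warning - confirm the helpers accept it.
        $user = null;

        // The thread list originates from form data kept in the session, so it
        // is escaped like every other value placed into the statement.
        $db->query("\n INSERT INTO {$db->config['prefix']}newsletter_archive\n (archive_id,threads,subject,message,add_date,is_html)\n VALUES\n (null, '" . $db->escape($threads) . "', '" . $db->escape(get_email_subject($vars, $user)) . "', '" . $db->escape(get_email_message($vars, $user)) . "', NOW(), '" . $db->escape($vars['is_html']) . "')\n ");
    }

    if (isset($vars['to_send']) && $vars['to_send'] == '1') {
        // The offset arrives in the URL; keep it a non-negative integer.
        $start = max(0, intval(isset($vars['start']) ? $vars['start'] : 0));
        $count = 50; // 50 emails per page call

        // From here on the message data kept in the session replaces the
        // request variables (this overwrites the global $vars).
        $vars = $sess_vars;

        // $total is presumably filled by reference with the overall recipient
        // count - verify against get_target_users().
        $users = get_target_users($start, $count, $total);
        if (!is_array($users)) {
            $users = array();
        }

        if ($start == 0) {
            admin_log("Broadcast E-Mail Message [{$vars['subj']}] sent to {$total} users");
        }

        // send emails to all users
        $attachments = $vars['files'];
        $is_newsletter = (count($thread_ids) > 0) ? '1' : '0';
        foreach ($users as $user) {
            $preview = array(
                'text' => get_email_message($vars, $user),
                'subj' => get_email_subject($vars, $user),
                'to' => get_email_to($vars, $user),
                'is_html' => $vars['is_html'],
            );
            $is_guest = (isset($user['is_guest']) && $user['is_guest'] == '1') ? '1' : '0';
            mail_customer($preview['to'], $preview['text'], $preview['subj'], $preview['is_html'], $attachments, 1, '', $is_guest, $is_newsletter);
        }

        $newstart = $start + $count;
        $left = $total - $newstart;
        if (!$users || $left <= 0) {
            // Last page: report how many recipients were processed and clean up.
            $x = $start + count($users);
            clean_attachments();
            unset($_SESSION['amember_send_mails']);
            admin_html_redirect("email.php?count={$x}&action=sent", "Sending emails (finished)", "Sending emails to users ... \ncleanup operations");
        } else {
            admin_html_redirect("email.php?start={$newstart}&action=send&to_send=1", "Sending emails (please don't close browser window)", "Sending emails to users " . ($start + 1) . "-{$newstart} ({$total} total, {$left} e-mails left)");
        }
    } else {
        unset($_SESSION['amember_send_mails']);
        admin_html_redirect("email.php", "Sending emails (finished)", "Sending emails to users ... cleanup operations");
    }
}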
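<?php
/*
 *
 *
 *     Author: Alex Scott
 *      Email: alex@cgi-central.net
 *        Web: http://www.cgi-central.net
 *    Details: Admin logout
 *    FileName $RCSfile$
 *    Release: 3.1.8PRO ($Revision: 2926 $)
 *
 * Please direct bug reports,suggestions or feedback to the cgi-central forums.
 * http://www.cgi-central.net/forum/
 *
 * aMember PRO is a commercial software. Any distribution is strictly prohibited.
 *
 */

// Admin logout: record the event, drop the admin markers from the session and
// send the browser back to the admin root.
include '../config.inc.php';

admin_log("Logged-out");

// Only the admin keys are removed; any other data held in the same session is
// left in place. The stored admin expiry is cleared as well so that a stale
// timestamp cannot be applied to the next login made in this session.
unset(
    $_SESSION['_admin_login'],
    $_SESSION['_admin_pass'],
    $_SESSION['amember_admin'],
    $_SESSION['_amember_sess_expires']
);

// Rotate the session id on the privilege change so the id that was valid for
// the admin is not carried over to whoever logs in next.
if (session_id() !== '' && !headers_sent()) {
    session_regenerate_id(true);
}

session_write_close();

// NOTE(review): the script acts on any request that reaches it; no request
// method or anti-forgery token is checked here.
admin_html_redirect($config['root_url'] . "/admin/", 'Logout', 'Logged out', true);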
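/**
 * Delete every stored e-mail template matching the requested name, product
 * and day, then redirect back and stop the script.
 *
 * Reads the global request variables: 'tpl' (required), 'product_id' and
 * 'day' (when present it must not be empty).
 *
 * @return string|null an error message when validation fails; on success the
 *                     function redirects and exits instead of returning
 */
function del_email()
{
    global $vars;

    if (!isset($vars['tpl']) || $vars['tpl'] == '') {
        return "Error: tpl is empty";
    }
    // 'day' may be absent, but when it is submitted it must not be empty.
    if (isset($vars['day']) && $vars['day'] == '') {
        return "Error: DAY is not specified, there must be a number value";
    }

    // "=& new" is a parse error from PHP 7 on; objects are handles, so plain
    // assignment behaves the same.
    $my_tpl = new aMemberEmailTemplate();
    $my_tpl->name = $vars['tpl'];
    $my_tpl->product_id = isset($vars['product_id']) ? $vars['product_id'] : null;
    $my_tpl->day = isset($vars['day']) ? $vars['day'] : null;
    $my_tpl->delete_all();

    admin_html_redirect(get_back_location(), "E-Mail Template Deleted", "E-Mail Template has been deleted");
    exit;
}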
} else { admin_log("Additonal Field ({$new_field['name']}) changed"); admin_html_redirect("fields.php", "Field info saved", "Field info saved to config"); break; } } display_edit_form($new_field); break; case 'delete': check_demo(); foreach ($ff as $f) { if ($f['name'] == $vars['name']) { $old_field = $f; } } $err = drop_field($old_field); if ($err) { fatal_error($err, 1); } else { admin_log("Additonal Field ({$old_field['name']}) deleted"); admin_html_redirect("fields.php", "Field has been deleted", "Field has been deleted succesfully"); } break; case 'reorder': reorder_fields($vars['order']); admin_html_redirect("fields.php", "Fields order changed", "Field order has been changed"); break; default: $t->assign('fields', $ff); $t->display('admin/fields.html'); }