Пример #1
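/**
 * Validate the current admin session and slide its expiry window.
 *
 * Two checks run on every call:
 *  1. The MD5 of the request's User-Agent header must equal the value pinned
 *     in the session the first time this function ran for it.
 *  2. When an admin is logged in (`_admin_pass` is set) the stored expiry
 *     timestamp must not be in the past.
 * If either check fails, the session cookie is expired, the session is
 * destroyed, the browser is redirected to the admin root and the script exits.
 * Otherwise the expiry is pushed one hour ahead of the current time.
 *
 * NOTE(review): the User-Agent header is supplied by the client, so the pin is
 * only a coarse consistency signal. It does not replace regenerating the
 * session id at login or Secure/HttpOnly cookie flags - confirm both are
 * handled where the session is started.
 */
function admin_check_session()
{
    global $config;

    // array(title, text) for the redirect page once a check has failed.
    $failure = null;

    /// check user-agent
    // A request without the header hashes as the empty string instead of
    // raising an undefined-index notice.
    $ua = md5(isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '');
    if (!isset($_SESSION['_amember_ua'])) {
        $_SESSION['_amember_ua'] = $ua;
    } elseif ($_SESSION['_amember_ua'] !== $ua) {
        // Strict comparison on purpose: with `!=` PHP compares two digests
        // that both look like numeric strings as numbers, so different
        // hashes could be treated as equal.
        $failure = array(
            "Browser Agent Changed - Session destroyed",
            "Browser Agent Changed - Session destroyed",
        );
    }

    /// check for admin session expiration
    $now = time();
    if ($failure === null
        && isset($_SESSION['_amember_sess_expires'])
        && isset($_SESSION['_admin_pass'])
        && $_SESSION['_amember_sess_expires'] < $now
    ) {
        $failure = array("Admin session expired", "Admin session expired, please login again");
    }

    if ($failure !== null) {
        // Expire the browser cookie first, then drop the server-side data.
        if (isset($_COOKIE[session_name()])) {
            setcookie(session_name(), '', time() - 42000, '/');
        }
        session_destroy();
        admin_html_redirect($config['root_url'] . '/admin/', $failure[0], $failure[1], true);
        exit;
    }

    // Sliding window: every validated request buys another hour.
    $_SESSION['_amember_sess_expires'] = $now + 3600;
}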
Пример #2
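/**
 * Remove protection from a folder: delete the generated protection files from
 * disk and drop the folder's row from the `folders` table.
 *
 * The function always terminates the script: it either dies with "Folder not
 * found", prints a list of files that could not be removed, or redirects to
 * protect.php.
 *
 * @param array $vars Request variables; only `folder_id` is read.
 */
function unprotect_folder($vars)
{
    global $config, $db;

    // folder_id arrives with the request and ends up in a SQL statement and
    // in HTML output, so only a canonical non-negative integer is accepted.
    $raw_id = (isset($vars['folder_id']) && is_scalar($vars['folder_id']))
        ? (string) $vars['folder_id']
        : '';
    if (!preg_match('/^[0-9]+\z/', $raw_id) || $raw_id !== (string) intval($raw_id)) {
        die("Folder not found: " . htmlspecialchars($raw_id, ENT_QUOTES));
    }
    $folder_id = intval($raw_id);

    $fl = get_folders();
    $folder = isset($fl[$folder_id]) ? $fl[$folder_id] : null;
    if (!$folder) {
        die("Folder not found: {$folder_id}");
    }

    $path = isset($folder['path']) ? $folder['path'] : '';
    // NOTE(review): the original log line interpolated an undefined $method,
    // which rendered as an empty string; where the protection method is
    // stored is not visible here, so it stays empty - confirm and fill in.
    $method = '';

    // Collected messages for files that could not be deleted.
    $err = array();
    if (is_dir($path)) {
        $files_content = (isset($folder['files_content']) && is_array($folder['files_content']))
            ? $folder['files_content']
            : array();
        foreach ($files_content as $fname => $content) {
            $f = "{$path}/{$fname}";
            if (!is_file($f)) {
                continue;
            }
            if (!unlink($f)) {
                $err[] = "File {$f} couldn't be removed - please remove it manually";
            }
        }
    } else {
        print "Folder " . htmlspecialchars($path, ENT_QUOTES) . " seems to be removed...skipping protection removing step<br />";
    }

    // save folder info now
    // Array keys are quoted: a bare key inside {$...} is parsed as a constant.
    $db->query("DELETE FROM {$db->config['prefix']}folders\n    WHERE folder_id={$folder_id}\n    ");
    admin_log("Folder protection removed ({$path}) - {$method}", "folders", $folder_id);

    if ($err) {
        print "<font color=red><b>";
        print "Protection has removed, but some errors happened - please follow our recommenendations to fix:<br />";
        foreach ($err as $e) {
            // File names are escaped for the HTML context they are printed in.
            print "<li>" . htmlspecialchars($e, ENT_QUOTES);
        }
        print "<br /><br />after fixing all problems listed above, click <a href='protect.php'>here</a>";
    } else {
        admin_html_redirect("protect.php?added=ok", "Folder un-protected", "Protection has been removed from the folder");
    }
    exit;
}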
Пример #3
        }
        break;
    case 'add_save':
        if (!$_POST['action']) {
            die("POST request expected");
        }
        check_demo();
        if ($err = validate_form($vars)) {
            admins_add_form($err);
        } elseif ($err = add_admin($vars)) {
            admins_add_form($err);
        } else {
            admin_html_redirect("admins.php", $title = 'Admin record added', $text = 'Admin record added');
        }
        break;
    case 'edit_save':
        if (!$_POST['action']) {
            die("POST request expected");
        }
        check_demo();
        if ($err = validate_form($vars)) {
            admins_edit_form($err);
        } elseif ($err = edit_admin($vars)) {
            admins_edit_form($err);
        } else {
            admin_html_redirect("admins.php", $title = 'Admin record updated', $text = 'Admin record updated');
        }
        break;
    default:
        admins_list();
}
Пример #4
        $r['pass0'] = $r['pass'];
        $member_id = $db->add_pending_user($r);
        if ($r['product_id']) {
            $pm = array('product_id' => $r['product_id'], 'begin_date' => $r['begin_date'], 'expire_date' => $r['expire_date'], 'paysys_id' => $r['paysys_id'], 'amount' => 0, 'receipt_id' => $r['receipt_id'], 'member_id' => $member_id, 'completed' => $r['is_completed']);
            $db->add_payment($pm);
        }
        $total_added++;
    }
    fclose($f);
}
/////////////// MAIN //////////////////////
$import_filename = $config['root_dir'] . "/admin/imp.csv";
$vars = get_input_vars();
switch ($vars['action']) {
    case 'do_import':
        admin_html_redirect("import_f.php?action=do_real_import", $title = 'Import...', $text = 'Import processing may take some time, please be patient');
        break;
    case 'do_real_import':
        $vars = $_SESSION['import_vars'];
        check_demo();
        do_import();
        print "<br /><strong>Import finsihed. {$total_added} records added</strong><br />\n        Please don't forget to remove import file amember/admin/imp.csv";
        break;
    case 'upload':
        check_demo();
        if ($lines = get_first_lines(20)) {
            display_confirm($lines);
            $_SESSION['import_vars'] = $vars;
            break;
        }
    case 'check_form':
Пример #5
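/**
 * Archive and/or send a broadcast e-mail, 50 recipients per page call.
 *
 * The message definition is read from $_SESSION['amember_send_mails'].
 * - When the request has to_archive=1, one row is inserted into the
 *   newsletter_archive table.
 * - When the request has to_send=1, the users in the window starting at
 *   `start` are mailed and the browser is redirected either to the next
 *   window or, once nothing is left, to the "sent" page after attachments
 *   and the session entry are cleaned up.
 * - Without to_send=1 the session entry is dropped and the browser is
 *   redirected back to email.php.
 *
 * Note that the global $vars is replaced by the session copy while sending.
 */
function send_mails()
{
    global $t, $config, $db, $vars;

    $sess_vars = isset($_SESSION['amember_send_mails']) ? $_SESSION['amember_send_mails'] : array();

    // Evaluated once; count() on a non-array is an error on current PHP.
    $has_threads = isset($sess_vars['newsletter_thread'])
        && is_array($sess_vars['newsletter_thread'])
        && count($sess_vars['newsletter_thread']) > 0;

    if (isset($vars['to_archive']) && $vars['to_archive'] == '1') {
        //add a message to archive
        $threads = "";
        if ($has_threads) {
            $threads = "," . implode(",", $sess_vars['newsletter_thread']) . ",";
        }
        // No recipient exists at archive time; the original passed an
        // undefined $user here, which evaluates to null.
        $user = null;
        // The thread list originates from submitted form data kept in the
        // session, so it is escaped like every other value in the statement.
        $db->query(
            "\n            INSERT INTO {$db->config['prefix']}newsletter_archive\n"
            . "            (archive_id,threads,subject,message,add_date,is_html)\n"
            . "            VALUES\n"
            . "            (null, '" . $db->escape($threads) . "', '"
            . $db->escape(get_email_subject($vars, $user)) . "', '"
            . $db->escape(get_email_message($vars, $user)) . "', NOW(), '"
            . $db->escape($vars['is_html']) . "')\n        "
        );
    }

    if (isset($vars['to_send']) && $vars['to_send'] == '1') {
        //send a messages
        $start = isset($vars['start']) ? intval($vars['start']) : 0;
        $count = 50;
        // 50 emails per page call
        ////////////////////////////////////////////
        $vars = $sess_vars;
        // presumably filled in by reference by get_target_users() - confirm
        $total = 0;
        $users = get_target_users($start, $count, $total);
        if (!is_array($users)) {
            $users = array();
        }
        if ($start == 0) {
            admin_log("Broadcast E-Mail Message [{$vars['subj']}] sent to {$total} users");
        }

        // send emails to all users
        $attachments = $vars['files'];
        $is_newsletter = $has_threads ? '1' : '0';
        foreach ($users as $user) {
            $is_guest = (isset($user['is_guest']) && $user['is_guest'] == '1') ? '1' : '0';
            mail_customer(
                get_email_to($vars, $user),
                get_email_message($vars, $user),
                get_email_subject($vars, $user),
                $vars['is_html'],
                $attachments,
                1, // add the unsubscribe link
                '',
                $is_guest,
                $is_newsletter
            );
        }

        $newstart = $start + $count;
        $left = $total - $newstart;
        if (!$users || $left <= 0) {
            $x = $start + count($users);
            clean_attachments();
            unset($_SESSION['amember_send_mails']);
            admin_html_redirect("email.php?count={$x}&action=sent", "Sending emails (finished)", "Sending emails to users ... cleanup operations");
        } else {
            admin_html_redirect("email.php?start={$newstart}&action=send&to_send=1", "Sending emails (please don't close browser window)", "Sending emails to users " . ($start + 1) . "-{$newstart} ({$total} total, {$left} e-mails left)");
        }
    } else {
        unset($_SESSION['amember_send_mails']);
        admin_html_redirect("email.php", "Sending emails (finished)", "Sending emails to users ... cleanup operations");
    }
}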
Пример #6
<?php

/*
*
*
*     Author: Alex Scott
*      Email: alex@cgi-central.net
*        Web: http://www.cgi-central.net
*    Details: Admin logout
*    FileName $RCSfile$
*    Release: 3.1.8PRO ($Revision: 2926 $)
*
* Please direct bug reports,suggestions or feedback to the cgi-central forums.
* http://www.cgi-central.net/forum/
*                                                                          
* aMember PRO is a commercial software. Any distribution is strictly prohibited.
*
*/
include '../config.inc.php';
// Write the audit entry while the admin identity is still in the session.
admin_log("Logged-out");

// Remove the admin identity from the session. Only these three keys are
// dropped; the session itself, its id and its cookie stay as they are.
// NOTE(review): the session id is not regenerated and other admin-scoped
// keys set elsewhere (for example the pinned user-agent hash and the expiry
// timestamp) survive logout - confirm whether a full session teardown is
// wanted here.
// NOTE(review): `_admin_pass` suggests a password-derived value is kept in
// session storage - verify what is stored under that key.
unset(
    $_SESSION['_admin_login'],
    $_SESSION['_admin_pass'],
    $_SESSION['amember_admin']
);

// Flush the change to session storage before the redirect is sent.
session_write_close();
admin_html_redirect("{$config['root_url']}/admin/", 'Logout', 'Logged out', $target_top = true);
Пример #7
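/**
 * Delete every stored e-mail template matching the requested name,
 * product and day, then redirect back and exit.
 *
 * Reads `tpl`, `product_id` and `day` from the global $vars.
 *
 * NOTE(review): this is a destructive action and, unlike other handlers on
 * this page, it does not call check_demo() itself - presumably the caller
 * does; confirm, together with whatever request-forgery protection the
 * admin area uses.
 *
 * @return string|null An error message when validation fails; on success the
 *                     function does not return (it exits after the redirect).
 */
function del_email()
{
    global $vars, $db, $config, $t;

    if (!isset($vars['tpl']) || $vars['tpl'] == '') {
        return "Error: tpl is empty";
    }
    // isset() is tested first so that an absent `day` never gets read.
    if (isset($vars['day']) && $vars['day'] == '') {
        return "Error: DAY is not specified, there must be a number value";
    }

    // Plain assignment: `=& new` is a syntax error on PHP 7 and later.
    $my_tpl = new aMemberEmailTemplate();
    $my_tpl->name = $vars['tpl'];
    $my_tpl->product_id = isset($vars['product_id']) ? $vars['product_id'] : null;
    $my_tpl->day = isset($vars['day']) ? $vars['day'] : null;
    $my_tpl->delete_all();

    admin_html_redirect(get_back_location(), "E-Mail Template Deleted", "E-Mail Template has been deleted");
    exit;
}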
Пример #8
            } else {
                admin_log("Additonal Field ({$new_field['name']}) changed");
                admin_html_redirect("fields.php", "Field info saved", "Field info saved to config");
                break;
            }
        }
        display_edit_form($new_field);
        break;
    case 'delete':
        check_demo();
        foreach ($ff as $f) {
            if ($f['name'] == $vars['name']) {
                $old_field = $f;
            }
        }
        $err = drop_field($old_field);
        if ($err) {
            fatal_error($err, 1);
        } else {
            admin_log("Additonal Field ({$old_field['name']}) deleted");
            admin_html_redirect("fields.php", "Field has been deleted", "Field has been deleted succesfully");
        }
        break;
    case 'reorder':
        reorder_fields($vars['order']);
        admin_html_redirect("fields.php", "Fields order changed", "Field order has been changed");
        break;
    default:
        $t->assign('fields', $ff);
        $t->display('admin/fields.html');
}