/**
* This function handles submission of a template file.
* It checks the file for syntax errors, and if it passes, it saves it.
*
* This function is forwarded to, from
* ?action=admin;area=theme;sa=edit
*/
private function _action_edit_submit()
{
global $context, $settings, $user_info;
$selectedTheme = isset($_GET['th']) ? (int) $_GET['th'] : (isset($_GET['id']) ? (int) $_GET['id'] : 0);
if (empty($selectedTheme)) {
// This should never be happening. Never I say. But... in case it does :P
fatal_lang_error('theme_edit_missing');
}
$theme_dir = themeDirectory($context['theme_id']);
$file = isset($_POST['entire_file']) ? $_POST['entire_file'] : '';
// You did submit *something*, didn't you?
if (empty($file)) {
// @todo a better error message
fatal_lang_error('theme_edit_missing');
}
// Checking PHP syntax on css files is not a most constructive use of processing power :P
// We need to know what kind of file we have
$is_php = substr($_REQUEST['filename'], -4) == '.php';
$is_template = substr($_REQUEST['filename'], -13) == '.template.php';
$is_css = substr($_REQUEST['filename'], -4) == '.css';
// Check you up
if (checkSession('post', '', false) == '' && validateToken('admin-te-' . md5($selectedTheme . '-' . $_REQUEST['filename']), 'post', false) == true) {
// Consolidate the format in which we received the file contents
if (is_array($file)) {
$entire_file = implode("\n", $file);
} else {
$entire_file = $file;
}
// Convert our tabs back to tabs!
$entire_file = rtrim(strtr($entire_file, array("\r" => '', ' ' => "\t")));
// Errors? No errors!
$errors = array();
// For PHP files, we check the syntax.
if ($is_php) {
require_once SUBSDIR . '/DataValidator.class.php';
require_once SUBSDIR . '/Modlog.subs.php';
// Since we are running php code, let's track it, but only once in a while.
if (!recentlyLogged('editing_theme', 60)) {
logAction('editing_theme', array('member' => $user_info['id']), 'admin');
// But the email only once every 60 minutes should be fine
if (!recentlyLogged('editing_theme', 3600)) {
require_once SUBSDIR . '/Themes.subs.php';
require_once SUBSDIR . '/Admin.subs.php';
$theme_info = getBasicThemeInfos($context['theme_id']);
emailAdmins('editing_theme', array('EDIT_REALNAME' => $user_info['name'], 'FILE_EDITED' => $_REQUEST['filename'], 'THEME_NAME' => $theme_info[$context['theme_id']]));
}
}
$validator = new Data_Validator();
$validator->validation_rules(array('entire_file' => 'php_syntax'));
$validator->validate(array('entire_file' => $entire_file));
// Retrieve the errors
$errors = $validator->validation_errors();
}
// If successful so far, we'll take the plunge and save this piece of art.
if (empty($errors)) {
// Try to save the new file contents
$fp = fopen($theme_dir . '/' . $_REQUEST['filename'], 'w');
fwrite($fp, $entire_file);
fclose($fp);
if (function_exists('opcache_invalidate')) {
opcache_invalidate($theme_dir . '/' . $_REQUEST['filename']);
}
// We're done here.
redirectexit('action=admin;area=theme;th=' . $selectedTheme . ';' . $context['session_var'] . '=' . $context['session_id'] . ';sa=browse;directory=' . dirname($_REQUEST['filename']));
} else {
// Pick the right sub-template for the next try
if ($is_template) {
$context['sub_template'] = 'edit_template';
} else {
$context['sub_template'] = 'edit_file';
}
// Fill contextual data for the template, the errors to show
foreach ($errors as $error) {
$context['parse_error'][] = $error;
}
// The format of the data depends on template/non-template file.
if (!is_array($file)) {
$file = array($file);
}
// Send back the file contents
$context['entire_file'] = htmlspecialchars(strtr(implode('', $file), array("\t" => ' ')), ENT_COMPAT, 'UTF-8');
foreach ($file as $i => $file_part) {
$context['file_parts'][$i]['lines'] = strlen($file_part);
$context['file_parts'][$i]['data'] = $file_part;
}
// Re-create token for another try
createToken('admin-te-' . md5($selectedTheme . '-' . $_REQUEST['filename']));
return;
}
} else {
loadLanguage('Errors');
// Notify the template of trouble
$context['session_error'] = true;
// Recycle the submitted data.
if (is_array($file)) {
$context['entire_file'] = htmlspecialchars(implode("\n", $file), ENT_COMPAT, 'UTF-8');
} else {
$context['entire_file'] = htmlspecialchars($file, ENT_COMPAT, 'UTF-8');
}
$context['edit_filename'] = htmlspecialchars($_POST['filename'], ENT_COMPAT, 'UTF-8');
// Choose sub-template
if ($is_template) {
$context['sub_template'] = 'edit_template';
} elseif ($is_css) {
addJavascriptVar(array('previewData' => '\'\'', 'previewTimeout' => '\'\'', 'refreshPreviewCache' => '\'\'', 'editFilename' => JavaScriptEscape($context['edit_filename']), 'theme_id' => $settings['theme_id']));
$context['sub_template'] = 'edit_style';
} else {
$context['sub_template'] = 'edit_file';
}
// Re-create the token so that it can be used
createToken('admin-te-' . md5($selectedTheme . '-' . $_REQUEST['filename']));
return;
}
}
.container {
margin-left:30%;
float:left;
width:60%;
}
</style>
<?php
if (isset($_POST['records_username'])) {
$message = "";
if ($_POST['records_username'] == $_SESSION["username"]) {
$message = "";
$db2 = retrieveUsersDb();
$message = verifyUser($db2, $_POST['records_username'], $_POST['records_password']);
if ($message == "Okay for access.") {
$rs = recentlyLogged($db2);
$nm = $rs->num_rows;
if ($nm > 0) {
?>
<table class='table table-striped' width=100%>
<thead>
<tr>
<th colspan=7><h2>Recently Logged Users</h2></th>
<tr>
<th> </th>
<th>Username</th>
