if (defined('CAT_PATH')) {
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$backend = CAT_Backend::getInstance('Addons', 'modules_uninstall');
$val = CAT_Helper_Validate::getInstance();
$addons = CAT_Helper_Addons::getInstance();
// Get name and type of add on
$type = $val->sanitizePost('type', NULL, true);
$addon_name = $val->sanitizePost('file');
$file = $type == 'language' ? $addon_name . '.php' : $addon_name;
// Check if user selected a module
if (trim($file) == '' || trim($type) == '') {
header("Location: index.php");
exit(0);
}
$js_back = CAT_ADMIN_URL . '/addons/index.php';
// Check if the module exists
if (!$addons->isModuleInstalled($addon_name, NULL, preg_replace('~s$~', '', $type))) {
$backend->print_error('Not installed', $js_back, false);
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
// =================================
// ! Include the WB functions file
// =================================
include_once CAT_PATH . '/framework/functions.php';
$backend = CAT_Backend::getInstance('Media', 'media', false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
header('Content-type: application/json');
$ajax['file'] = $val->sanitizePost('file');
$ajax['file_path'] = $val->sanitizePost('file_path');
if ($ajax['file'] == '' || $ajax['file_path'] == '' || $users->checkPermission('media', 'media_delete') !== true) {
$ajax = array('message' => 'You don\'t have the permission to delete this file. Check your system settings.', 'success' => false);
print json_encode($ajax);
exit;
} else {
// ============================
// ! Try to delete file/folder
// ============================
$link = CAT_PATH . $ajax['file_path'] . '/' . $ajax['file'];
if (file_exists($link)) {
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$val = CAT_Helper_Validate::getInstance();
$perm = 'users_modify';
if ($val->sanitizePost('addUser')) {
$perm = 'users_add';
}
$backend = CAT_Backend::getInstance('access', $perm, false);
$users = CAT_Users::getInstance();
header('Content-type: application/json');
if (!$users->checkPermission('access', $perm)) {
$ajax = array('message' => $backend->lang()->translate('You do not have the permission to {{action}} a user.', array('action' => str_replace('users', '', $perm))), 'success' => false);
print json_encode($ajax);
exit;
}
$addUser = trim($val->sanitizePost('addUser', NULL, true));
$saveUser = trim($val->sanitizePost('saveUser', NULL, true));
include_once CAT_PATH . '/framework/functions.php';
// Gather details entered
$username_fieldname = str_replace(array("[[", "]]"), '', htmlspecialchars($val->sanitizePost('username_fieldname'), ENT_QUOTES));
$username = trim($val->sanitizePost($username_fieldname, NULL, true));
$display_name = trim(str_replace(array('[[', ']]'), '', htmlspecialchars($val->sanitizePost('display_name'), ENT_QUOTES)));
$user_id = $val->sanitizePost('user_id', NULL, true);
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
// backend only
$backend = CAT_Backend::getInstance('admintools');
$user = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
// this will redirect to the login page if the permission is not set
$user->checkPermission('admintools', 'admintools');
// check if any editor is set
if (!defined('WYSIWYG_EDITOR') || WYSIWYG_EDITOR == '') {
$admin->print_error('No WYSIWYG editor set, please set one first (Settings -> Backend settings -> WYSIWYG Editor)', NULL, false);
}
// check for config driver
$cfg_file = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . WYSIWYG_EDITOR . '/c_editor.php');
if (file_exists($cfg_file)) {
require $cfg_file;
} elseif (file_exists(CAT_Helper_Directory::sanitizePath(dirname(__FILE__) . "/driver/" . WYSIWYG_EDITOR . "/c_editor.php"))) {
require_once dirname(__FILE__) . "/driver/" . WYSIWYG_EDITOR . "/c_editor.php";
} else {
if (defined('CAT_PATH')) {
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$backend = CAT_Backend::getInstance('Pages', 'pages_delete', false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
header('Content-type: application/json');
// Get perms
if (!$users->checkPermission('pages', 'pages_delete', false)) {
$ajax = array('message' => $backend->lang()->translate('You do not have the permission to delete a page.'), 'success' => false);
print json_encode($ajax);
exit;
}
$page_id = $val->sanitizePost('page_id', 'numeric');
// Get page id
if (!$page_id) {
$ajax = array('message' => $backend->lang()->translate('You sent an invalid value'), 'success' => false);
print json_encode($ajax);
exit;
if (defined('CAT_PATH')) {
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$backend = CAT_Backend::getInstance('Addons', 'modules_install', false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
$success = false;
$message = '';
header('Content-type: application/json');
if (!$users->checkPermission('Addons', 'modules_install')) {
$message = $backend->lang()->translate("Sorry, but you don't have the permissions for this action");
printResult();
}
$type = $val->sanitizePost('new_moduletype');
$name = $val->sanitizePost('new_modulename');
$dir = $val->sanitizePost('new_moduledir');
$desc = $val->sanitizePost('new_moduledesc');
$author = $val->sanitizePost('new_moduleauthor');
$func = 'page';
if (defined('CAT_PATH')) {
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$backend = CAT_Backend::getInstance('Pages', 'pages_add', false);
$users = CAT_Users::getInstance();
header('Content-type: application/json');
if (!$users->checkPermission('Pages', 'pages_add')) {
$ajax = array('message' => $backend->lang()->translate('You do not have the permission to add a page.'), 'success' => false);
print json_encode($ajax);
exit;
}
// note: all pages are listed in the dropdown, even hidden / private AND deleted!
$dropdown_list = CAT_Helper_ListBuilder::sort(CAT_Helper_Page::getPages(1), 0);
// template / variant
$template = CAT_Helper_Page::properties($val->sanitizePost('parent_id', 'numeric'), 'template');
$variant = CAT_Helper_Page::getPageSettings($val->sanitizePost('parent_id', 'numeric'), 'internal', 'template_variant');
$variants = array();
$info = CAT_Helper_Addons::checkInfo(CAT_PATH . '/templates/' . CAT_Helper_Page::getPageTemplate($val->sanitizePost('parent_id', 'numeric')));
if (isset($info['module_variants']) && is_array($info['module_variants']) && count($info['module_variants'])) {
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$header = CAT_Helper_Validate::sanitizeGet('ajax') ? false : true;
$backend = CAT_Backend::getInstance('admintools', 'admintools', $header);
$admin =& $backend;
$val = CAT_Helper_Validate::getInstance();
$get_tool = $val->sanitizeGet('tool', NULL, true);
if ($get_tool == '') {
$get_tool = $val->sanitizePost('tool', NULL, true);
}
if ($get_tool == '') {
header("Location: index.php");
exit(0);
}
// check tool permission
if (!CAT_Users::get_permission($get_tool, 'module')) {
header("Location: index.php");
exit(0);
}
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$local = array('pages' => 'backend_pages_modify.js', 'access' => 'backend_users_index.js', 'addons' => 'backend_addons.js', 'media' => 'backend_media.js', 'preferences' => 'backend_preferences.js', 'settings' => array('backend_pages_modify.js', 'backend_settings_index.js'), 'login_index' => 'login.js');
$mod_headers = array('backend' => array('meta' => array(array('name' => 'viewport', 'content' => 'width=device-width, initial-scale=1')), 'css' => array(array('media' => 'screen', 'file' => 'templates/freshcat/css/default/index.css'), array('media' => 'screen', 'file' => 'modules/lib_jquery/plugins/qtip2/qtip2.min.css')), 'jquery' => array(array('core' => true, 'ui' => true, 'all' => array('jquery.highlight', 'jquery.cookies', 'tag-it', 'qtip2', 'jquery.form', 'jquery.livesearch', 'jquery.smarttruncation', 'cattranslate'))), 'js' => array(array('debug.js', 'jquery.fc_set_tab_list.js', 'jquery.fc_toggle_element.js', 'jquery.fc_resize_elements.js', 'jquery.fc_show_popup.js', 'general.js', 'pages_tree.js', 'session.js'))));
// get current backend section to add local JS
$page = strtolower(CAT_Backend::getInstance()->section_name);
if (isset($local[$page])) {
if (!is_array($local[$page])) {
$local[$page] = array($local[$page]);
}
$mod_headers['backend']['js'][0] = array_merge($mod_headers['backend']['js'][0], $local[$page]);
}
if ($page == 'addons') {
array_push($mod_headers['backend']['css'], array('file' => 'templates/freshcat/css/default/tabs.css'));
if (CAT_Helper_Addons::isModuleInstalled('lib_dropzone')) {
$mod_headers['backend']['js'][0][] = '/modules/lib_dropzone/vendor/dropzone.min.js';
array_push($mod_headers['backend']['css'], array('file' => 'modules/lib_dropzone/vendor/dropzone.min.css'));
}
array_push($mod_headers['backend']['css'], array('file' => 'templates/freshcat/css/default/addons.css'));
}
// check for custom JS for current backend page
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
global $parser;
$backend = CAT_Backend::getInstance('start');
$user = CAT_Users::getInstance();
$lang = CAT_Helper_I18n::getInstance();
$widget = CAT_Helper_Widget::getInstance();
// this will redirect to the login page if the permission is not set
$user->checkPermission('start', 'start', false);
// ================================================
// ! Check if installation directory still exists
// ================================================
if (file_exists(CAT_PATH . '/install/')) {
CAT_Helper_Directory::removeDirectory(CAT_PATH . '/install/');
}
// exec initial_page
if ($val->sanitizeGet('initial') || !$user->checkPermission('start', 'start') === true) {
$page = $user->get_initial_page();
if ($page) {
if (defined('CAT_PATH')) {
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$backend = CAT_Backend::getInstance('admintools', 'blackcatFilter');
$val = CAT_Helper_Validate::getInstance();
$showit = false;
$errors = array();
$upload_error = NULL;
// new filter?
if ($val->sanitizePost('filter_add')) {
$data = array();
foreach (array('module_name', 'name', 'description', 'code', 'active') as $key) {
if (!$val->sanitizePost('filter_' . $key)) {
if ($key == 'code' && isset($_FILES['filter_file'])) {
$data[$key] = '';
continue;
}
$errors[$key] = $backend->lang()->translate('Please fill out the field: {{ name }}', array('name' => $backend->lang()->translate($key)));
} else {
//**************************************************************************
if (!defined('SESSION_STARTED')) {
session_name(APP_NAME . 'sessionid');
$cookie_settings = session_get_cookie_params();
session_set_cookie_params(3 * 3600, $cookie_settings["path"], $cookie_settings["domain"], strtolower(substr($_SERVER['SERVER_PROTOCOL'], 0, 5)) === 'https', true);
unset($cookie_settings);
session_start();
CAT_Registry::register('SESSION_STARTED', true, true);
}
if (defined('ENABLED_ASP') && ENABLED_ASP && !isset($_SESSION['session_started'])) {
$_SESSION['session_started'] = time();
}
//**************************************************************************
// frontend only
//**************************************************************************
if (!CAT_Backend::isBackend() && !defined('CAT_AJAX_CALL') && !defined('CAT_LOGIN_PHASE') && defined('ENABLE_CSRFMAGIC') && true === ENABLE_CSRFMAGIC) {
CAT_Helper_Protect::getInstance()->enableCSRFMagic();
}
//**************************************************************************
// Get users language
//**************************************************************************
$val = CAT_Helper_Validate::getInstance();
$user_lang = $val->sanitizeGet('lang');
if ($user_lang && $user_lang != '' && !is_numeric($user_lang) && strlen($user_lang) == 2 && file_exists(CAT_PATH . '/languages/' . $user_lang . '.php')) {
CAT_Registry::register('LANGUAGE', strtoupper($user_lang), true);
}
if (!CAT_Registry::exists('LANGUAGE')) {
CAT_Registry::register('LANGUAGE', DEFAULT_LANGUAGE, true);
}
// Load Language file
if (!defined('LANGUAGE_LOADED')) {
if (defined('CAT_PATH')) {
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$backend = CAT_Backend::getInstance('Pages', 'pages_intro');
$val = CAT_Helper_Validate::getInstance();
// Get page content
$filename = CAT_PATH . PAGES_DIRECTORY . '/intro' . PAGE_EXTENSION;
if (file_exists($filename)) {
$handle = fopen($filename, "r");
$content = fread($handle, filesize($filename));
fclose($handle);
} else {
$content = '';
}
if ($val->sanitizeGet('wysiwyg') != 'no') {
if (!defined('WYSIWYG_EDITOR') || WYSIWYG_EDITOR == 'none' || !file_exists(CAT_PATH . '/modules/' . WYSIWYG_EDITOR . '/include.php')) {
function show_wysiwyg_editor($name, $id, $content, $width, $height)
{
echo '<textarea name="' . $name . '" id="' . $id . '" style="width: ' . $width . '; height: ' . $height . ';">' . $content . '</textarea>';
// =========================================================
// ! Get display name of person who last modified the page
// =========================================================
$user = $users->get_user_details($results_array['modified_by']);
// =================================
// ! Add permissions to $data_dwoo
// =================================
$permission['pages'] = $users->checkPermission('Pages', 'pages') ? true : false;
$permission['pages_add'] = $users->checkPermission('Pages', 'pages_add') ? true : false;
$permission['pages_add_l0'] = $users->checkPermission('Pages', 'pages_add_l0') ? true : false;
$permission['pages_modify'] = $users->checkPermission('Pages', 'pages_modify') ? true : false;
$permission['pages_delete'] = $users->checkPermission('Pages', 'pages_delete') ? true : false;
$permission['pages_settings'] = $users->checkPermission('Pages', 'pages_settings') ? true : false;
$permission['pages_intro'] = $users->checkPermission('Pages', 'pages_intro') != true || INTRO_PAGE != 'enabled' ? false : true;
// list of all pages for dropdown, sorted by parent->child
$pages = CAT_Helper_ListBuilder::sort(CAT_Helper_Page::getPages(CAT_Backend::isBackend()), 0);
// =============================================
// ! Add result_array to the template variable
// =============================================
$ajax = array('description' => $results_array['description'], 'keywords' => $results_array['keywords'], 'language' => $results_array['language'], 'level' => $results_array['level'], 'menu' => $results_array['menu'], 'menu_title' => htmlspecialchars_decode($results_array['menu_title'], ENT_QUOTES), 'modified_when' => $results_array['modified_when'] != 0 ? CAT_Helper_DateTime::getDate($results_array['modified_when']) : 'Unknown', 'page_id' => $results_array['page_id'], 'page_title' => htmlspecialchars_decode($results_array['page_title'], ENT_QUOTES), 'parent' => $results_array['parent'], 'searching' => $results_array['searching'] == 0 ? false : true, 'short_link' => substr($results_array['link'], strripos($results_array['link'], '/') + 1), 'target' => $results_array['target'], 'template' => $results_array['template'], 'visibility' => $results_array['visibility'], 'display_name' => $user['display_name'], 'username' => $user['username'], 'DISPLAY_MENU_LIST' => MULTIPLE_MENUS != false ? true : false, 'DISPLAY_LANGUAGE_LIST' => PAGE_LANGUAGES != false ? true : false, 'DISPLAY_SEARCHING' => SEARCH != false ? true : false, 'admin_groups' => explode(',', str_replace('_', '', $results_array['admin_groups'])), 'viewing_groups' => explode(',', str_replace('_', '', $results_array['viewing_groups'])), 'parent_list' => $pages, 'PAGE_EXTENSION' => $backend->db()->query("SELECT `value` FROM `:prefix:settings` WHERE name = 'page_extension'")->fetchColumn());
$ajax['variants'] = array();
$info = CAT_Helper_Addons::checkInfo(CAT_PATH . '/templates/' . CAT_Helper_Page::getPageTemplate($results_array['page_id']));
if (isset($info['module_variants']) && is_array($info['module_variants']) && count($info['module_variants'])) {
$ajax['variants'] = $info['module_variants'];
array_unshift($ajax['variants'], '');
}
$ajax['template_variant'] = CAT_Helper_Page::getPageSettings($results_array['page_id'], 'internal', 'template_variant');
// ====================
// ! Return values
// ====================
print json_encode($ajax);
/**
* Check if a output filter is already registered
*
* @param string $filter_name
* @param string $module_directory
* @return boolean
*/
function is_filter_registered($filter_name, $module_directory)
{
$backend = CAT_Backend::getInstance('addons', 'modules_install');
$SQL = sprintf("SELECT `filter_name` FROM `:prefix:mod_filter` WHERE " . "`filter_name`='%s' AND `module_name`='%s'", $filter_name, $module_directory);
if (false === ($name = $backend->db()->get_one($SQL, MYSQL_ASSOC))) {
return false;
}
return $name == $filter_name;
}
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
ob_start();
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Content-Type: text/html; charset:utf-8;");
$backend = CAT_Backend::getInstance('Settings', 'settings_basic');
$curr_user_is_admin = in_array(1, CAT_Users::getInstance()->get_groups_id());
if (!$curr_user_is_admin) {
echo "<div style='border: 2px solid #CC0000; padding: 5px; text-align: center; background-color: #ffbaba;'>You're not allowed to use this function!</div>";
exit;
}
$settings = array();
$sql = 'SELECT * FROM `' . CAT_TABLE_PREFIX . 'settings` WHERE name="guid"';
if ($res = $backend->db()->query($sql)) {
$row = $res->fetchRow(MYSQL_ASSOC);
}
if (!isset($row['value']) || $row['value'] == '') {
@(require_once CAT_PATH . '/framework/CAT/Object.php');
$guid = CAT_Object::createGUID();
$row['setting_id'] = isset($row['setting_id']) ? $row['setting_id'] : NULL;
$backend->db()->query('REPLACE INTO `' . CAT_TABLE_PREFIX . 'settings` VALUES("' . $row['setting_id'] . '", "guid", "' . $guid . '")');
if (defined('CAT_PATH')) {
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$backend = CAT_Backend::getInstance('Access', 'users', false, false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
header('Content-type: application/json');
if (!$users->checkPermission('access', 'users')) {
$ajax = array('message' => $backend->lang()->translate('You do not have the permission to view users'), 'success' => false);
print json_encode($ajax);
exit;
}
$user_id = $val->sanitizePost('id', 'numeric');
if (!$user_id || $user_id == 1) {
$ajax = array('message' => $backend->lang()->translate('You sent an invalid value'), 'success' => false);
print json_encode($ajax);
exit;
}
$user = $users->get_user_details($user_id);
function print_footer()
{
return CAT_Backend::getInstance('')->print_footer();
}
if (empty($sub)) {
continue;
}
$dir .= '/' . $sub;
if (file_exists($dir . '/framework/class.secure.php')) {
include $dir . '/framework/class.secure.php';
$inc = true;
break;
}
}
if (!$inc) {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
// protect
$backend = CAT_Backend::getInstance('Start', 'start', false, false);
if (!CAT_Users::is_authenticated()) {
exit;
}
// just to be _really_ sure...
require CAT_PATH . '/framework/CAT/ExceptionHandler.php';
// register exception/error handlers
set_exception_handler(array("CAT_ExceptionHandler", "exceptionHandler"));
set_error_handler(array("CAT_ExceptionHandler", "errorHandler"));
register_shutdown_function(array("CAT_ExceptionHandler", "shutdownHandler"));
include dirname(__FILE__) . '/../data/config.inc.php';
$widget_name = 'Version check';
$error = $version = $newer = $last = $last_version = NULL;
$debug = false;
$doit = true;
if (!CAT_Helper_Validate::sanitizeGet('blackcat_refresh')) {
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$tpl_data = array();
$backend = CAT_Backend::getInstance('Addons', 'addons');
$users = CAT_Users::getInstance();
$addons = CAT_Helper_Addons::get_addons();
$counter = 0;
$seen_dirs = array();
$tpl_data['addons'] = array();
$tpl_data['not_installed_addons'] = array('modules' => array(), 'templates' => array(), 'languages' => array());
$tpl_data['groups'] = $users->get_groups('', '', false);
$tpl_data['username'] = $users->get_display_name();
// for new addons
global $parser;
foreach ($addons as $addon) {
// check if the user is allowed to see this item
if (!$users->get_permission($addon['directory'], $addon['type'])) {
$seen_dirs[] = $addon['directory'];
continue;
/**
* let the user manage the available backups
**/
function manage_droplet_backups()
{
global $parser, $settings, $val, $backend;
$groups = CAT_Users::get_groups_id();
if (!CAT_Helper_Droplet::is_allowed('manage_backups', $groups)) {
$backend->print_error(CAT_Backend::getInstance()->lang()->translate("You don't have the permission to do this"));
}
$rows = array();
$info = NULL;
$dirh = CAT_Helper_Directory::getInstance();
// recover
$recover = $val->get('_REQUEST', 'recover');
if ($recover && file_exists($dirh->sanitizePath(dirname(__FILE__) . '/export/' . $recover))) {
if (!function_exists('droplets_upload')) {
@(include_once dirname(__FILE__) . '/include.php');
}
$temp_unzip = $dirh->sanitizePath(CAT_PATH . '/temp/unzip/');
$result = droplets_import($dirh->sanitizePath(dirname(__FILE__) . '/export/' . $recover), $temp_unzip);
$info = $backend->lang()->translate('Successfully imported [{{count}}] Droplet(s)', array('count' => $result['count']));
}
// delete single backup
$delbackup = $val->get('_REQUEST', 'delbackup');
if ($delbackup && file_exists($dirh->sanitizePath(dirname(__FILE__) . '/export/' . $delbackup))) {
@unlink($dirh->sanitizePath(dirname(__FILE__) . '/export/' . $delbackup));
$info = $backend->lang()->translate('Backup file deleted: {{file}}', array('file' => $delbackup));
}
// delete a list of backups
// get all marked droplets
$marked = isset($_POST['markeddroplet']) ? $_POST['markeddroplet'] : array();
if (count($marked)) {
$deleted = array();
foreach ($marked as $file) {
$file = $dirh->sanitizePath(dirname(__FILE__) . '/export/' . $file);
if (file_exists($file)) {
@unlink($file);
$deleted[] = $backend->lang()->translate('Backup file deleted: {{file}}', array('file' => basename($file)));
}
}
if (count($deleted)) {
$info = implode('<br />', $deleted);
}
}
$backups = $dirh->scanDirectory($dirh->sanitizePath(dirname(__FILE__) . '/export'), true, true, NULL, array('zip'));
if (count($backups) > 0) {
// sort by name
sort($backups);
foreach ($backups as $file) {
// stat
$stat = stat($file);
// get zip contents
$count = CAT_Helper_Zip::getInstance($file)->listContent();
$rows[] = array('name' => basename($file), 'size' => $stat['size'], 'date' => strftime('%c', $stat['ctime']), 'files' => count($count), 'listfiles' => implode(", ", array_map(create_function('$cnt', 'return $cnt["filename"];'), $count)), 'download' => CAT_Helper_Validate::sanitize_url(CAT_URL . '/modules/droplets/export/' . basename($file)));
}
}
$parser->output('backups', array('rows' => $rows, 'info' => $info, 'backups' => count($backups) ? 1 : NULL));
}
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*
* @author Black Cat Development
* @copyright 2013, Black Cat Development
* @link http://blackcat-cms.org
* @license http://www.gnu.org/licenses/gpl.html
* @category CAT_Core
* @package CAT_Core
*
*/
if (defined('CAT_PATH')) {
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
CAT_Backend::getInstance('Pages', 'pages_modify')->db()->query(sprintf("DELETE FROM `%smod_wysiwyg` WHERE section_id = '%d'", CAT_TABLE_PREFIX, $section_id));
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
$backend = CAT_Backend::getInstance('Pages', 'pages_settings');
if (!$users->checkPermission('pages', 'pages_settings')) {
$backend->print_error('You do not have permissions to modify this page');
}
// ===============
// ! Get page id
// ===============
$page_id = $val->sanitizePost('page_id', 'numeric');
if (!$page_id) {
$backend->print_error('Missing page ID!');
}
// Include the WB functions file
require_once CAT_PATH . '/framework/functions.php';
// get form data
$language = $val->sanitizePost('map_language', NULL, true);
$link_page_id = $val->sanitizePost('link_page_id', 'numeric', true);
/**
*
* @access public
* @return
**/
public static function get_init_pages()
{
// frontend pages
$pages = CAT_Helper_Page::getPages();
$frontend_pages = array();
foreach ($pages as $page) {
$frontend_pages[$page['menu_title']] = 'pages/modify.php?page_id=' . $page['page_id'];
}
// admin tools
$tools = CAT_Helper_Addons::get_addons(NULL, 'module', 'tool');
$admin_tools = array();
foreach ($tools as $tool) {
$admin_tools[$tool['name']] = 'admintools/tool.php?tool=' . $tool['directory'];
}
// backend pages
$backend_pages = CAT_Backend::getPages();
return array('backend_pages' => $backend_pages, 'frontend_pages' => $frontend_pages, 'admin_tools' => $admin_tools);
}
/**
* Allows modules to register a file which should be allowed to load the
* config.php directly.
*
* This is only allowed in installation context!
*
* @access public
* @param string $module - module name
* @param string $filepath - relative file path
**/
public static function sec_register_file($module, $filepath)
{
global $admin;
if (!CAT_Backend::isBackend() && !is_object($admin) && !defined('CAT_INSTALL')) {
self::getInstance()->log()->logCrit("sec_register_file() called outside admin context!");
self::$error = "sec_register_file() called outside admin context!";
return false;
}
// check permissions
if (!CAT_Users::checkPermission('Addons', 'modules_install') && !defined('CAT_INSTALL')) {
self::getInstance()->log()->logCrit("sec_register_file() called without modules_install perms!");
self::$error = "sec_register_file() called without modules_install perms!";
return false;
}
// this will remove ../.. from $filepath
$filepath = CAT_Helper_Directory::sanitizePath($filepath);
if (!is_dir(CAT_PATH . '/modules/' . $module)) {
self::getInstance()->log()->logCrit("sec_register_file() called for non existing module [{$module}] (path: [{$filepath}])");
self::$error = "sec_register_file() called for non existing module [{$module}] (path: [{$filepath}])";
return false;
}
if (!file_exists(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/' . $filepath))) {
self::getInstance()->log()->logCrit("sec_register_file() called for non existing file [{$filepath}] (module: [{$module}])");
self::$error = "sec_register_file() called for non existing file [{$filepath}] (module: [{$module}])";
return false;
}
$self = self::getInstance();
$q = $self->db()->query('SELECT * FROM `:prefix:addons` WHERE directory=:dir', array('dir' => $module));
if (!$q->rowCount()) {
self::getInstance()->log()->logCrit("sec_register_file() called for non existing module [{$module}] (path: [{$filepath}]) - not found in addons table!");
self::$error = "sec_register_file() called for non existing module [{$module}] (path: [{$filepath}]) - not found in addons table!";
return false;
}
$row = $q->fetchRow();
// remove trailing / from $filepath
$filepath = preg_replace('~^/~', '', $filepath);
$q = $self->db()->query('SELECT * FROM `:prefix:class_secure` WHERE module=:mod AND filepath=:path', array('mod' => $row['addon_id'], 'path' => '/modules/' . $module . '/' . $filepath));
if (!$q->rowCount()) {
$self->db()->query('REPLACE INTO `:prefix:class_secure` VALUES ( :id, :path )', array('id' => $row['addon_id'], 'path' => '/modules/' . $module . '/' . $filepath));
return $self->db()->isError() ? false : true;
}
return true;
}
if (defined('CAT_PATH')) {
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$backend = CAT_Backend::getInstance('Settings', 'settings', false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
header('Content-type: application/json');
if (!$users->checkPermission('Settings', 'settings')) {
$ajax = array('message' => $backend->lang()->translate("Sorry, but you don't have the permissions for this action"), 'success' => false);
print json_encode($ajax);
exit;
}
global $err_msg;
$err_msg = array();
require_once dirname(__FILE__) . '/functions.php';
$region = $val->sanitizePost('current_page');
switch ($region) {
case 'sysinfo':
// nothing to save here
include CAT_PATH . '/framework/class.secure.php';
} else {
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
header('Content-type: application/json');
$backend = CAT_Backend::getInstance('user', 'preferences', false, false);
$user = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
$extended = $user->getExtendedOptions();
$err_msg = array();
// =================================================
// ! remove any dangerouse chars from display_name
// =================================================
$display_name = $val->add_slashes(strip_tags(trim($val->sanitizePost('display_name'))));
$display_name = $display_name == '' ? $user->get_display_name() : $display_name;
// ==================================================================================
// ! check that display_name is unique in whole system (prevents from User-faking)
// ==================================================================================
$sql = 'SELECT COUNT(*) FROM `:prefix:users` WHERE `user_id` <> :id AND `display_name` LIKE :name';
if ($backend->db()->query($sql, array('id' => (int) $user->get_user_id(), 'name' => $display_name))->fetchColumn() > 0) {
$err_msg[] = $backend->lang->translate('The username you entered is already taken');
/**
*
**/
function getPagesList($fieldname, $selected, $add_empty = false)
{
$pages_list = CAT_Helper_Page::getPages(CAT_Backend::isBackend());
$deleted = CAT_Helper_Page::getPagesByVisibility('deleted');
if (count($deleted)) {
$arrh = CAT_Helper_Array::getInstance();
foreach ($deleted as $page) {
$arrh->ArrayRemove($page, $pages_list, 'page_id');
}
}
if ($add_empty) {
array_unshift($pages_list, array('page_id' => 0, 'parent' => 0, 'level' => 0, 'is_open' => false, 'menu_title' => CAT_Helper_Page::getInstance()->lang()->translate('[none (use internal)]')));
}
return CAT_Helper_ListBuilder::getInstance(true)->config(array('space' => '|-- '))->dropdown($fieldname, $pages_list, 0, $selected);
}
$root = "../";
$level = 1;
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
include $root . '/framework/class.secure.php';
} else {
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}
$update_when_modified = true;
$val = CAT_Helper_Validate::getInstance();
$user = CAT_Users::getInstance();
$backend = CAT_Backend::getInstance('Pages', 'pages_modify');
// ===============
// ! Get page id
// ===============
$page_id = $val->get('_REQUEST', 'page_id', 'numeric');
$section_id = $val->get('_REQUEST', 'section_id', 'numeric');
if (!$page_id) {
header("Location: index.php");
exit(0);
}
// =============
// ! Get perms
// =============
if (CAT_Helper_Page::getPagePermission($page_id, 'admin') !== true) {
$backend->print_error('You do not have permissions to modify this page!');
}
/**
* returns a list of page_id's containing the children of given parent
*
* @access public
* @param integer $parent (default:0)
* @param boolean $add_sections (default:false)
* @return array
**/
public static function getPagesByParent($parent = 0, $add_sections = false)
{
if (!count(self::$pages_by_parent)) {
$pages = self::getPages(CAT_Backend::isBackend());
foreach ($pages as $page) {
self::$pages_by_parent[$page['parent']][] = $page['page_id'];
}
}
return isset(self::$pages_by_parent[$parent]) ? self::$pages_by_parent[$parent] : array();
}